Need help updating Firewall rule through API

Hi everyone,

I’m currently trying to update a Firewall rule in my Cloudflare account through the API, but I’m having some trouble. The rule currently blocks traffic from IPs in the range 10.128.3.0 and 58.65.25.21, but I need to add 10.20.78.5 to the list.

I’ve tried using the following API call to update the rule, but it doesn’t seem to be working:

curl --request PUT \
--url https://api.cloudflare.com/client/v4/zones/<zone-ID>/firewall/rules/<rule-id> \
-H "Authorization: Bearer <my_token>" \
-H "Content-Type:application/json" \
--data '{"filter": {
"id": "<Filter-ID>",
"expression": "(ip.src in {10.128.3.0 58.65.25.21 10.20.78.5})",
"paused": false
},
"action": "block",
"paused": false,
"description": "Block IP address"}'

The API call returns a success response, but when I check the rule in my Cloudflare dashboard, the IP address 10.20.78.5 has not been added.

Any help or guidance would be greatly appreciated. Thank you in advance!

It seems like the API call you provided is updating the entire rule instead of just adding an IP address to the existing rule. Instead, you should retrieve the existing rule using a GET request and then modify the filter to add the new IP address before updating the rule using a PUT request.

Here’s an example API call that should add the new IP address to the existing rule:

Retrieve the existing rule:
curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/<zone-ID>/firewall/rules/<rule-id> \
-H "Authorization: Bearer <my_token>" \
-H "Content-Type: application/json"

This will return the current rule as a JSON object.

Modify the filter to add the new IP address:
{
  "id": "<Filter-ID>",
  "expression": "(ip.src in {10.128.3.0 58.65.25.21 10.20.78.5})",
  "paused": false
}

Note that you should replace <Filter-ID> with the ID of the filter you want to modify.

Update the rule with the modified filter:
curl --request PUT \
--url https://api.cloudflare.com/client/v4/zones/<zone-ID>/firewall/rules/<rule-id> \
-H "Authorization: Bearer <my_token>" \
-H "Content-Type: application/json" \
--data '{
  "filter": {
    "id": "<Filter-ID>",
    "expression": "(ip.src in {10.128.3.0 58.65.25.21 10.20.78.5})",
    "paused": false
  },
  "action": "block",
  "paused": false,
  "description": "Block IP address"
}'

Note that you should replace <Filter-ID> with the ID of the filter you modified in step 2.

This should update the existing rule to block traffic from the new IP address as well. I’d appreciate some assistance with this query. :frowning:

2 Likes

Hi,

Within the rule, there’s a filter. It’s the filter you need to update. Get the filter ID from the response to your call to the rule, then make the appropriate request to the update filter endpoint.

https://developers.cloudflare.com/api/operations/filters-update-a-filter

1 Like
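
The flow described in the reply above (read the filter ID from the rule response, then call the update-filter endpoint), as an added example that is not part of the original thread. It builds the request without sending it; the sample rule response and the placeholder IDs are constructed, and the `/zones/<zone-ID>/filters/<filter-ID>` path is assumed to be the update-filter endpoint the reply links to.

```python
import ipaddress
import json
import re
import urllib.request

API = "https://api.cloudflare.com/client/v4"
SET_RE = re.compile(r"ip\.src in \{([^}]*)\}")

# Constructed sample of a GET .../firewall/rules/<rule-id> response (placeholder IDs).
SAMPLE_RULE_RESPONSE = json.dumps({"success": True, "result": {
    "id": "RULE_ID_PLACEHOLDER", "action": "block", "paused": False,
    "description": "Block IP address",
    "filter": {"id": "FILTER_ID_PLACEHOLDER", "paused": False,
               "expression": "(ip.src in {10.128.3.0 58.65.25.21})"}}})


def add_ip(expression: str, new_ip: str) -> str:
    """Return the expression with new_ip added to its single `ip.src in {...}` set."""
    ipaddress.ip_network(new_ip, strict=False)  # ValueError on a malformed address
    matches = SET_RE.findall(expression)
    if len(matches) != 1:
        raise ValueError("expected exactly one 'ip.src in {...}' set")
    members = matches[0].split()
    if new_ip not in members:  # idempotent: re-running does not duplicate the entry
        members.append(new_ip)
    return SET_RE.sub(lambda _m: "ip.src in {" + " ".join(members) + "}", expression)


def build_filter_update(zone_id: str, token: str, rule_response: str, new_ip: str):
    """Build (not send) the PUT request for the filter referenced by the rule."""
    body = json.loads(rule_response)
    if not body.get("success"):
        raise RuntimeError("rule lookup failed")
    flt = dict(body["result"]["filter"])  # keep id and paused, change only expression
    flt["expression"] = add_ip(flt["expression"], new_ip)
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/filters/{flt['id']}",
        data=json.dumps(flt).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    req = build_filter_update("ZONE_ID_PLACEHOLDER", "TOKEN_PLACEHOLDER",
                              SAMPLE_RULE_RESPONSE, "10.20.78.5")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the request to `urllib.request.urlopen` to send it, then re-fetch the rule to confirm the expression stored on the filter matches what was sent.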

Thanks for the help, I really appreciate that. I looked into your query, but unfortunately I am not an expert in this, so I am not able to assist you.

1 Like

@cbrandt you are a life saver, thank you very much, you saved me lots of hours.

1 Like
