Cloudflare API - Gateway and WAF Commands
Cloudflare API - Gateway and WAF Commands
Set Variables
# Required Variables
ACCOUNT_ID=""
ZONE_ID=""
API_TOKEN=""
# Optional Variables (set when needed)
RULE_ID=""
RULESET_ID=""
LOCATION_ID=""
LIST_ID=""
TUNNEL_ID=""
Gateway DNS Policies
List All DNS Policies
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?type=dns" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific DNS Policy
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules/$RULE_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List DNS Locations
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/locations" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific DNS Location
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/locations/$LOCATION_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List DNS Categories
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/categories" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Gateway Network Policies
List All Network Policies
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?type=network" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific Network Policy
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules/$RULE_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Network Tunnels
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tunnels" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific Tunnel
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tunnels/$TUNNEL_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Device Posture Integrations
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/devices/posture" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Gateway HTTP Policies
List All HTTP Policies
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?type=http" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific HTTP Policy
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules/$RULE_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
WAF (Web Application Firewall)
List Zone Rulesets
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Account-Level Rulesets
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/rulesets" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific Ruleset Details
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/$RULESET_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Rules in Ruleset
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/$RULESET_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List WAF Managed Rules (Phase: http_request_firewall_managed)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_managed/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Custom WAF Rules (Phase: http_request_firewall_custom)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_custom/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Rate Limiting Rules (Phase: http_ratelimit)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_ratelimit/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List DDoS Rules (Phase: ddos_l7)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/ddos_l7/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Transform Rules (Phase: http_request_transform)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_transform/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Response Header Transform Rules (Phase: http_response_headers_transform)
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_response_headers_transform/entrypoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Gateway Zero Trust Settings
List Zero Trust Organizations
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/organizations" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Gateway Proxy Endpoints
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/proxy_endpoints" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Gateway Lists (Custom Lists)
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/lists" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Specific Gateway List
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/lists/$LIST_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List Gateway List Items
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/lists/$LIST_ID/items" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Gateway Logging & Analytics
List Gateway Audit Logs
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/audit_ssh_settings" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Gateway Configuration
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/configuration" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Additional Useful Commands
List All Zones (to get Zone IDs)
curl -X GET "https://api.cloudflare.com/client/v4/zones" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Get Account Details
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
List All Accounts
curl -X GET "https://api.cloudflare.com/client/v4/accounts" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Pagination & Filtering
Paginated Request
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?type=dns&page=1&per_page=50" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Filter by Name
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?name=MyPolicy" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
Common Phases Reference
| Phase | Description |
|---|---|
http_request_firewall_managed |
WAF Managed Rules |
http_request_firewall_custom |
Custom WAF Rules |
http_ratelimit |
Rate Limiting Rules |
ddos_l7 |
DDoS Protection (L7) |
http_request_transform |
URL Rewrite/Transform |
http_response_headers_transform |
Response Header Modification |
http_request_late_transform |
Late Transform Rules |
http_request_origin |
Origin Rules |
http_request_cache_settings |
Cache Rules |
Response Format
Successful API responses:
{
"success": true,
"errors": [],
"messages": [],
"result": { },
"result_info": {
"page": 1,
"per_page": 50,
"count": 10,
"total_count": 100
}
}
Quick Setup Script
#!/bin/bash
# Set your credentials here
export ACCOUNT_ID="your_account_id_here"
export ZONE_ID="your_zone_id_here"
export API_TOKEN="your_api_token_here"
# Now you can run any command from this guide
# Example: List all DNS policies
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules?type=dns" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" | jq '.'
Notes
- jq Tool: Pipe output to
| jq '.'for formatted JSON - Rate Limits: 1200 requests per 5 minutes
- Token Permissions: Ensure proper scopes for Gateway and WAF access
- Documentation: https://developers.cloudflare.com/api/
Last Updated: 2025-11-19