GET examples
This example returns all the firewall rules in the zone with ID {zone_id}.
curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/rules" \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>"{  "result": [    {      "id": "<RULE_ID_1>",      "paused": false,      "description": "allow API traffic without challenge",      "action": "allow",      "priority": null,      "filter": {        "id": "<FILTER_ID_1>",        "expression": "http.request.uri.path matches \"^/api/.*$\"",        "paused": false,        "description": "/api"      }    },    {      "id": "<RULE_ID_2>",      "paused": false,      "description": "do not challenge login from office",      "action": "allow",      "priority": null,      "filter": {        "id": "<FILTER_ID_2>",        "expression": "ip.src in {2400:cb00::/32 2803:f800::/32 2c0f:f248::/32 2a06:98c0::/29} and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",        "paused": false,        "description": "Login from office"      }    },    {      "id": "<RULE_ID_3>",      "paused": false,      "description": "challenge login",      "action": "challenge",      "priority": null,      "filter": {        "id": "<FILTER_ID_3>",        "expression": "(http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",        "paused": false,        "description": "Login"      }    },    {      "id": "<RULE_ID_4>",      "paused": false,      "description": "JS challenge site",      "action": "js_challenge",      "priority": null,      "filter": {        "id": "<FILTER_ID_4>",        "expression": "not http.request.uri.path matches \"^/api/.*$\"",        "paused": false,        "description": "not /api"      }    }  ],  "success": true,  "errors": [],  "messages": [],  "result_info": {    "page": 1,    "per_page": 25,    "count": 4,    "total_count": 4,    "total_pages": 1  }}This example returns the firewall rule with ID {rule_id}.
curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/rules/{rule_id}" \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>"{  "result": {    "id": "<RULE_ID>",    "paused": false,    "description": "do not challenge login from office",    "action": "allow",    "priority": null,    "filter": {      "id": "<FILTER_ID>",      "expression": "ip.src in {2400:cb00::/32 2803:f800::/32 2c0f:f248::/32 2a06:98c0::/29} and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",      "paused": false,      "description": "Login from office"    }  },  "success": true,  "errors": [],  "messages": []}Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark