// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. import * as Core from "../../core"; import { APIResource } from "../../resource"; import { isRequestOptions } from "../../core"; import { CloudflareError } from "../../error"; import * as RulesetsAPI from "./rulesets"; import * as RulesAPI from "./rules"; import * as PhasesAPI from "./phases/phases"; import * as VersionsAPI from "./versions/versions"; import { SinglePage } from "../../pagination"; export class Rulesets extends APIResource { phases: PhasesAPI.Phases = new PhasesAPI.Phases(this._client); rules: RulesAPI.Rules = new RulesAPI.Rules(this._client); versions: VersionsAPI.Versions = new VersionsAPI.Versions(this._client); /** * Creates a ruleset. */ create(params: RulesetCreateParams, options?: Core.RequestOptions): Core.APIPromise { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.post(`/${accountOrZone}/${accountOrZoneId}/rulesets`, { body, ...options, }) as Core.APIPromise<{ result: Ruleset }> )._thenUnwrap((obj) => obj.result); } /** * Updates an account or zone ruleset, creating a new version. */ update( rulesetId: string, params: RulesetUpdateParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.put(`/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}`, { body, ...options, }) as Core.APIPromise<{ result: Ruleset }> )._thenUnwrap((obj) => obj.result); } /** * Fetches all rulesets. */ list( params?: RulesetListParams, options?: Core.RequestOptions, ): Core.PagePromise; list(options?: Core.RequestOptions): Core.PagePromise; list( params: RulesetListParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.PagePromise { if (isRequestOptions(params)) { return this.list({}, params); } const { account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return this._client.getAPIList( `/${accountOrZone}/${accountOrZoneId}/rulesets`, RulesetListResponsesSinglePage, options, ); } /** * Deletes all versions of an existing account or zone ruleset. */ delete( rulesetId: string, params?: RulesetDeleteParams, options?: Core.RequestOptions, ): Core.APIPromise; delete(rulesetId: string, options?: Core.RequestOptions): Core.APIPromise; delete( rulesetId: string, params: RulesetDeleteParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.APIPromise { if (isRequestOptions(params)) { return this.delete(rulesetId, {}, params); } const { account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return this._client.delete(`/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}`, { ...options, headers: { Accept: '*/*', ...options?.headers }, }); } /** * Fetches the latest version of an account or zone ruleset. */ get(rulesetId: string, params?: RulesetGetParams, options?: Core.RequestOptions): Core.APIPromise; get(rulesetId: string, options?: Core.RequestOptions): Core.APIPromise; get( rulesetId: string, params: RulesetGetParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.APIPromise { if (isRequestOptions(params)) { return this.get(rulesetId, {}, params); } const { account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.get( `/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}`, options, ) as Core.APIPromise<{ result: Ruleset }> )._thenUnwrap((obj) => obj.result); } } export class RulesetListResponsesSinglePage extends SinglePage {} /** * A ruleset object. */ export interface Ruleset { /** * The unique ID of the ruleset. */ id: string; /** * The kind of the ruleset. */ kind: 'managed' | 'custom' | 'root' | 'zone'; /** * The timestamp of when the ruleset was last modified. */ last_updated: string; /** * The human-readable name of the ruleset. */ name: string; /** * The phase of the ruleset. */ phase: | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed'; /** * The list of rules in the ruleset. */ rules: Array< | Ruleset.RulesetsBlockRule | Ruleset.RulesetsExecuteRule | Ruleset.RulesetsLogRule | Ruleset.RulesetsSkipRule >; /** * The version of the ruleset. */ version: string; /** * An informative description of the ruleset. */ description?: string; } export namespace Ruleset { export interface RulesetsBlockRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'block'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsBlockRule.ActionParameters; /** * The categories of the rule. */ categories?: Array; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsBlockRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsBlockRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The response to show when the block is applied. */ response?: ActionParameters.Response; } export namespace ActionParameters { /** * The response to show when the block is applied. */ export interface Response { /** * The content to return. */ content: string; /** * The type of the content to return. */ content_type: string; /** * The status code to return. */ status_code: number; } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsExecuteRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'execute'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsExecuteRule.ActionParameters; /** * The categories of the rule. */ categories?: Array; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsExecuteRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsExecuteRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The ID of the ruleset to execute. */ id: string; /** * The configuration to use for matched data logging. */ matched_data?: ActionParameters.MatchedData; /** * A set of overrides to apply to the target ruleset. */ overrides?: ActionParameters.Overrides; } export namespace ActionParameters { /** * The configuration to use for matched data logging. */ export interface MatchedData { /** * The public key to encrypt matched data logs with. */ public_key: string; } /** * A set of overrides to apply to the target ruleset. */ export interface Overrides { /** * An action to override all rules with. This option has lower precedence than rule * and category overrides. */ action?: string; /** * A list of category-level overrides. This option has the second-highest * precedence after rule-level overrides. */ categories?: Array; /** * Whether to enable execution of all rules. This option has lower precedence than * rule and category overrides. */ enabled?: boolean; /** * A list of rule-level overrides. This option has the highest precedence. */ rules?: Array; /** * A sensitivity level to set for all rules. This option has lower precedence than * rule and category overrides and is only applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } export namespace Overrides { /** * A category-level override */ export interface Category { /** * The name of the category to override. */ category: string; /** * The action to override rules in the category with. */ action?: string; /** * Whether to enable execution of rules in the category. */ enabled?: boolean; /** * The sensitivity level to use for rules in the category. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } /** * A rule-level override */ export interface Rule { /** * The ID of the rule to override. */ id: string; /** * The action to override the rule with. */ action?: string; /** * Whether to enable execution of the rule. */ enabled?: boolean; /** * The score threshold to use for the rule. */ score_threshold?: number; /** * The sensitivity level to use for the rule. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsLogRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'log'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * The categories of the rule. */ categories?: Array; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsLogRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsLogRule { /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsSkipRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'skip'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsSkipRule.ActionParameters; /** * The categories of the rule. */ categories?: Array; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsSkipRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsSkipRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * A list of phases to skip the execution of. This option is incompatible with the * ruleset and rulesets options. */ phases?: Array< | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed' >; /** * A list of legacy security products to skip the execution of. */ products?: Array<'bic' | 'hot' | 'rateLimit' | 'securityLevel' | 'uaBlock' | 'waf' | 'zoneLockdown'>; /** * A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the * execution of. This option is incompatible with the ruleset option. */ rules?: Record>; /** * A ruleset to skip the execution of. This option is incompatible with the * rulesets, rules and phases options. */ ruleset?: 'current'; /** * A list of ruleset IDs to skip the execution of. This option is incompatible with * the ruleset and phases options. */ rulesets?: Array; } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } } /** * A ruleset object. */ export interface RulesetListResponse { /** * The kind of the ruleset. */ kind: 'managed' | 'custom' | 'root' | 'zone'; /** * The human-readable name of the ruleset. */ name: string; /** * The phase of the ruleset. */ phase: | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed'; /** * The unique ID of the ruleset. */ id?: string; /** * An informative description of the ruleset. */ description?: string; /** * The timestamp of when the ruleset was last modified. */ last_updated?: string; /** * The version of the ruleset. */ version?: string; } export interface RulesetCreateParams { /** * Body param: The kind of the ruleset. */ kind: 'managed' | 'custom' | 'root' | 'zone'; /** * Body param: The human-readable name of the ruleset. */ name: string; /** * Body param: The phase of the ruleset. */ phase: | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed'; /** * Body param: The list of rules in the ruleset. */ rules: Array< | RulesetCreateParams.RulesetsBlockRule | RulesetCreateParams.RulesetsExecuteRule | RulesetCreateParams.RulesetsLogRule | RulesetCreateParams.RulesetsSkipRule >; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: An informative description of the ruleset. */ description?: string; } export namespace RulesetCreateParams { export interface RulesetsBlockRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'block'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsBlockRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsBlockRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsBlockRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The response to show when the block is applied. */ response?: ActionParameters.Response; } export namespace ActionParameters { /** * The response to show when the block is applied. */ export interface Response { /** * The content to return. */ content: string; /** * The type of the content to return. */ content_type: string; /** * The status code to return. */ status_code: number; } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsExecuteRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'execute'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsExecuteRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsExecuteRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsExecuteRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The ID of the ruleset to execute. */ id: string; /** * The configuration to use for matched data logging. */ matched_data?: ActionParameters.MatchedData; /** * A set of overrides to apply to the target ruleset. */ overrides?: ActionParameters.Overrides; } export namespace ActionParameters { /** * The configuration to use for matched data logging. */ export interface MatchedData { /** * The public key to encrypt matched data logs with. */ public_key: string; } /** * A set of overrides to apply to the target ruleset. */ export interface Overrides { /** * An action to override all rules with. This option has lower precedence than rule * and category overrides. */ action?: string; /** * A list of category-level overrides. This option has the second-highest * precedence after rule-level overrides. */ categories?: Array; /** * Whether to enable execution of all rules. This option has lower precedence than * rule and category overrides. */ enabled?: boolean; /** * A list of rule-level overrides. This option has the highest precedence. */ rules?: Array; /** * A sensitivity level to set for all rules. This option has lower precedence than * rule and category overrides and is only applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } export namespace Overrides { /** * A category-level override */ export interface Category { /** * The name of the category to override. */ category: string; /** * The action to override rules in the category with. */ action?: string; /** * Whether to enable execution of rules in the category. */ enabled?: boolean; /** * The sensitivity level to use for rules in the category. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } /** * A rule-level override */ export interface Rule { /** * The ID of the rule to override. */ id: string; /** * The action to override the rule with. */ action?: string; /** * Whether to enable execution of the rule. */ enabled?: boolean; /** * The score threshold to use for the rule. */ score_threshold?: number; /** * The sensitivity level to use for the rule. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsLogRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'log'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsLogRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsLogRule { /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsSkipRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'skip'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsSkipRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsSkipRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsSkipRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * A list of phases to skip the execution of. This option is incompatible with the * ruleset and rulesets options. */ phases?: Array< | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed' >; /** * A list of legacy security products to skip the execution of. */ products?: Array<'bic' | 'hot' | 'rateLimit' | 'securityLevel' | 'uaBlock' | 'waf' | 'zoneLockdown'>; /** * A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the * execution of. This option is incompatible with the ruleset option. */ rules?: Record>; /** * A ruleset to skip the execution of. This option is incompatible with the * rulesets, rules and phases options. */ ruleset?: 'current'; /** * A list of ruleset IDs to skip the execution of. This option is incompatible with * the ruleset and phases options. */ rulesets?: Array; } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } } export interface RulesetUpdateParams { /** * Body param: The unique ID of the ruleset. */ id: string; /** * Body param: The list of rules in the ruleset. */ rules: Array< | RulesetUpdateParams.RulesetsBlockRule | RulesetUpdateParams.RulesetsExecuteRule | RulesetUpdateParams.RulesetsLogRule | RulesetUpdateParams.RulesetsSkipRule >; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: An informative description of the ruleset. */ description?: string; /** * Body param: The kind of the ruleset. */ kind?: 'managed' | 'custom' | 'root' | 'zone'; /** * Body param: The human-readable name of the ruleset. */ name?: string; /** * Body param: The phase of the ruleset. */ phase?: | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed'; } export namespace RulesetUpdateParams { export interface RulesetsBlockRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'block'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsBlockRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsBlockRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsBlockRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The response to show when the block is applied. */ response?: ActionParameters.Response; } export namespace ActionParameters { /** * The response to show when the block is applied. */ export interface Response { /** * The content to return. */ content: string; /** * The type of the content to return. */ content_type: string; /** * The status code to return. */ status_code: number; } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsExecuteRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'execute'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsExecuteRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsExecuteRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsExecuteRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The ID of the ruleset to execute. */ id: string; /** * The configuration to use for matched data logging. */ matched_data?: ActionParameters.MatchedData; /** * A set of overrides to apply to the target ruleset. */ overrides?: ActionParameters.Overrides; } export namespace ActionParameters { /** * The configuration to use for matched data logging. */ export interface MatchedData { /** * The public key to encrypt matched data logs with. */ public_key: string; } /** * A set of overrides to apply to the target ruleset. */ export interface Overrides { /** * An action to override all rules with. This option has lower precedence than rule * and category overrides. */ action?: string; /** * A list of category-level overrides. This option has the second-highest * precedence after rule-level overrides. */ categories?: Array; /** * Whether to enable execution of all rules. This option has lower precedence than * rule and category overrides. */ enabled?: boolean; /** * A list of rule-level overrides. This option has the highest precedence. */ rules?: Array; /** * A sensitivity level to set for all rules. This option has lower precedence than * rule and category overrides and is only applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } export namespace Overrides { /** * A category-level override */ export interface Category { /** * The name of the category to override. */ category: string; /** * The action to override rules in the category with. */ action?: string; /** * Whether to enable execution of rules in the category. */ enabled?: boolean; /** * The sensitivity level to use for rules in the category. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } /** * A rule-level override */ export interface Rule { /** * The ID of the rule to override. */ id: string; /** * The action to override the rule with. */ action?: string; /** * Whether to enable execution of the rule. */ enabled?: boolean; /** * The score threshold to use for the rule. */ score_threshold?: number; /** * The sensitivity level to use for the rule. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } } } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsLogRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'log'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsLogRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsLogRule { /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } export interface RulesetsSkipRule { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'skip'; /** * The parameters configuring the rule's action. */ action_parameters?: RulesetsSkipRule.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: RulesetsSkipRule.Logging; /** * The reference of the rule (the rule ID by default). */ ref?: string; } export namespace RulesetsSkipRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * A list of phases to skip the execution of. This option is incompatible with the * ruleset and rulesets options. */ phases?: Array< | 'ddos_l4' | 'ddos_l7' | 'http_config_settings' | 'http_custom_errors' | 'http_log_custom_fields' | 'http_ratelimit' | 'http_request_cache_settings' | 'http_request_dynamic_redirect' | 'http_request_firewall_custom' | 'http_request_firewall_managed' | 'http_request_late_transform' | 'http_request_origin' | 'http_request_redirect' | 'http_request_sanitize' | 'http_request_sbfm' | 'http_request_select_configuration' | 'http_request_transform' | 'http_response_compression' | 'http_response_firewall_managed' | 'http_response_headers_transform' | 'magic_transit' | 'magic_transit_ids_managed' | 'magic_transit_managed' >; /** * A list of legacy security products to skip the execution of. */ products?: Array<'bic' | 'hot' | 'rateLimit' | 'securityLevel' | 'uaBlock' | 'waf' | 'zoneLockdown'>; /** * A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the * execution of. This option is incompatible with the ruleset option. */ rules?: Record>; /** * A ruleset to skip the execution of. This option is incompatible with the * rulesets, rules and phases options. */ ruleset?: 'current'; /** * A list of ruleset IDs to skip the execution of. This option is incompatible with * the ruleset and phases options. */ rulesets?: Array; } /** * An object configuring the rule's logging behavior. */ export interface Logging { /** * Whether to generate a log when the rule matches. */ enabled: boolean; } } } export interface RulesetListParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export interface RulesetDeleteParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export interface RulesetGetParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export namespace Rulesets { export import Ruleset = RulesetsAPI.Ruleset; export import RulesetListResponse = RulesetsAPI.RulesetListResponse; export import RulesetListResponsesSinglePage = RulesetsAPI.RulesetListResponsesSinglePage; export import RulesetCreateParams = RulesetsAPI.RulesetCreateParams; export import RulesetUpdateParams = RulesetsAPI.RulesetUpdateParams; export import RulesetListParams = RulesetsAPI.RulesetListParams; export import RulesetDeleteParams = RulesetsAPI.RulesetDeleteParams; export import RulesetGetParams = RulesetsAPI.RulesetGetParams; export import Phases = PhasesAPI.Phases; export import PhaseUpdateParams = PhasesAPI.PhaseUpdateParams; export import PhaseGetParams = PhasesAPI.PhaseGetParams; export import Rules = RulesAPI.Rules; export import RuleCreateParams = RulesAPI.RuleCreateParams; export import RuleDeleteParams = RulesAPI.RuleDeleteParams; export import RuleEditParams = RulesAPI.RuleEditParams; export import Versions = VersionsAPI.Versions; export import VersionListResponse = VersionsAPI.VersionListResponse; export import VersionListResponsesSinglePage = VersionsAPI.VersionListResponsesSinglePage; export import VersionListParams = VersionsAPI.VersionListParams; export import VersionDeleteParams = VersionsAPI.VersionDeleteParams; export import VersionGetParams = VersionsAPI.VersionGetParams; }