cloudflare

// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. import { APIResource } from '../../resource'; import { isRequestOptions } from '../../core'; import * as Core from '../../core'; import * as RulesAPI from './rules'; import * as RulesetsAPI from './rulesets'; import { CloudflareError } from '../../error'; export class Rules extends APIResource { /** * Adds a new rule to an account or zone ruleset. The rule will be added to the end * of the existing list of rules in the ruleset by default. * * @example * ```ts * const rule = await client.rulesets.rules.create( * '2f2feab2026849078ba485f918791bdc', * { account_id: 'account_id' }, * ); * ``` */ create( rulesetId: string, params: RuleCreateParams, options?: Core.RequestOptions, ): Core.APIPromise<RuleCreateResponse> { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.post(`/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}/rules`, { body, ...options, }) as Core.APIPromise<{ result: RuleCreateResponse }> )._thenUnwrap((obj) => obj.result); } /** * Deletes an existing rule from an account or zone ruleset. * * @example * ```ts * const rule = await client.rulesets.rules.delete( * '2f2feab2026849078ba485f918791bdc', * '3a03d665bac047339bb530ecb439a90d', * { account_id: 'account_id' }, * ); * ``` */ delete( rulesetId: string, ruleId: string, params?: RuleDeleteParams, options?: Core.RequestOptions, ): Core.APIPromise<RuleDeleteResponse>; delete( rulesetId: string, ruleId: string, options?: Core.RequestOptions, ): Core.APIPromise<RuleDeleteResponse>; delete( rulesetId: string, ruleId: string, params: RuleDeleteParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.APIPromise<RuleDeleteResponse> { if (isRequestOptions(params)) { return this.delete(rulesetId, ruleId, {}, params); } const { account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.delete( `/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}/rules/${ruleId}`, options, ) as Core.APIPromise<{ result: RuleDeleteResponse }> )._thenUnwrap((obj) => obj.result); } /** * Updates an existing rule in an account or zone ruleset. * * @example * ```ts * const response = await client.rulesets.rules.edit( * '2f2feab2026849078ba485f918791bdc', * '3a03d665bac047339bb530ecb439a90d', * { account_id: 'account_id' }, * ); * ``` */ edit( rulesetId: string, ruleId: string, params: RuleEditParams, options?: Core.RequestOptions, ): Core.APIPromise<RuleEditResponse> { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.patch(`/${accountOrZone}/${accountOrZoneId}/rulesets/${rulesetId}/rules/${ruleId}`, { body, ...options, }) as Core.APIPromise<{ result: RuleEditResponse }> )._thenUnwrap((obj) => obj.result); } } export interface BlockRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'block'; /** * The parameters configuring the rule's action. */ action_parameters?: BlockRule.ActionParameters; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: BlockRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: BlockRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace BlockRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The response to show when the block is applied. */ response?: ActionParameters.Response; } export namespace ActionParameters { /** * The response to show when the block is applied. */ export interface Response { /** * The content to return. */ content: string; /** * The type of the content to return. */ content_type: string; /** * The status code to return. */ status_code: number; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface BlockRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'block'; /** * The parameters configuring the rule's action. */ action_parameters?: BlockRuleParam.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: BlockRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: BlockRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace BlockRuleParam { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The response to show when the block is applied. */ response?: ActionParameters.Response; } export namespace ActionParameters { /** * The response to show when the block is applied. */ export interface Response { /** * The content to return. */ content: string; /** * The type of the content to return. */ content_type: string; /** * The status code to return. */ status_code: number; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface CompressResponseRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'compress_response'; /** * The parameters configuring the rule's action. */ action_parameters?: CompressResponseRule.ActionParameters; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: CompressResponseRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: CompressResponseRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace CompressResponseRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * Custom order for compression algorithms. */ algorithms: Array<ActionParameters.Algorithm>; } export namespace ActionParameters { /** * Compression algorithm to enable. */ export interface Algorithm { /** * Name of the compression algorithm to enable. */ name?: 'none' | 'auto' | 'default' | 'gzip' | 'brotli' | 'zstd'; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface CompressResponseRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'compress_response'; /** * The parameters configuring the rule's action. */ action_parameters?: CompressResponseRuleParam.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: CompressResponseRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: CompressResponseRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace CompressResponseRuleParam { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * Custom order for compression algorithms. */ algorithms: Array<ActionParameters.Algorithm>; } export namespace ActionParameters { /** * Compression algorithm to enable. */ export interface Algorithm { /** * Name of the compression algorithm to enable. */ name?: 'none' | 'auto' | 'default' | 'gzip' | 'brotli' | 'zstd'; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface DDoSDynamicRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'ddos_dynamic'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: DDoSDynamicRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: DDoSDynamicRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace DDoSDynamicRule { /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface DDoSDynamicRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'ddos_dynamic'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: DDoSDynamicRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: DDoSDynamicRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace DDoSDynamicRuleParam { /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface ExecuteRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'execute'; /** * The parameters configuring the rule's action. */ action_parameters?: ExecuteRule.ActionParameters; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: ExecuteRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: ExecuteRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace ExecuteRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The ID of the ruleset to execute. */ id: string; /** * The configuration to use for matched data logging. */ matched_data?: ActionParameters.MatchedData; /** * A set of overrides to apply to the target ruleset. */ overrides?: ActionParameters.Overrides; } export namespace ActionParameters { /** * The configuration to use for matched data logging. */ export interface MatchedData { /** * The public key to encrypt matched data logs with. */ public_key: string; } /** * A set of overrides to apply to the target ruleset. */ export interface Overrides { /** * An action to override all rules with. This option has lower precedence than rule * and category overrides. */ action?: string; /** * A list of category-level overrides. This option has the second-highest * precedence after rule-level overrides. */ categories?: Array<Overrides.Category>; /** * Whether to enable execution of all rules. This option has lower precedence than * rule and category overrides. */ enabled?: boolean; /** * A list of rule-level overrides. This option has the highest precedence. */ rules?: Array<Overrides.Rule>; /** * A sensitivity level to set for all rules. This option has lower precedence than * rule and category overrides and is only applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } export namespace Overrides { /** * A category-level override. */ export interface Category { /** * The name of the category to override. */ category: string; /** * The action to override rules in the category with. */ action?: string; /** * Whether to enable execution of rules in the category. */ enabled?: boolean; /** * The sensitivity level to use for rules in the category. This option is only * applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } /** * A rule-level override. */ export interface Rule { /** * The ID of the rule to override. */ id: string; /** * The action to override the rule with. */ action?: string; /** * Whether to enable execution of the rule. */ enabled?: boolean; /** * The score threshold to use for the rule. */ score_threshold?: number; /** * The sensitivity level to use for the rule. This option is only applicable for * DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface ExecuteRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'execute'; /** * The parameters configuring the rule's action. */ action_parameters?: ExecuteRuleParam.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: ExecuteRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: ExecuteRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace ExecuteRuleParam { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The ID of the ruleset to execute. */ id: string; /** * The configuration to use for matched data logging. */ matched_data?: ActionParameters.MatchedData; /** * A set of overrides to apply to the target ruleset. */ overrides?: ActionParameters.Overrides; } export namespace ActionParameters { /** * The configuration to use for matched data logging. */ export interface MatchedData { /** * The public key to encrypt matched data logs with. */ public_key: string; } /** * A set of overrides to apply to the target ruleset. */ export interface Overrides { /** * An action to override all rules with. This option has lower precedence than rule * and category overrides. */ action?: string; /** * A list of category-level overrides. This option has the second-highest * precedence after rule-level overrides. */ categories?: Array<Overrides.Category>; /** * Whether to enable execution of all rules. This option has lower precedence than * rule and category overrides. */ enabled?: boolean; /** * A list of rule-level overrides. This option has the highest precedence. */ rules?: Array<Overrides.Rule>; /** * A sensitivity level to set for all rules. This option has lower precedence than * rule and category overrides and is only applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } export namespace Overrides { /** * A category-level override. */ export interface Category { /** * The name of the category to override. */ category: string; /** * The action to override rules in the category with. */ action?: string; /** * Whether to enable execution of rules in the category. */ enabled?: boolean; /** * The sensitivity level to use for rules in the category. This option is only * applicable for DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } /** * A rule-level override. */ export interface Rule { /** * The ID of the rule to override. */ id: string; /** * The action to override the rule with. */ action?: string; /** * Whether to enable execution of the rule. */ enabled?: boolean; /** * The score threshold to use for the rule. */ score_threshold?: number; /** * The sensitivity level to use for the rule. This option is only applicable for * DDoS phases. */ sensitivity_level?: 'default' | 'medium' | 'low' | 'eoff'; } } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface ForceConnectionCloseRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'force_connection_close'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: ForceConnectionCloseRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: ForceConnectionCloseRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace ForceConnectionCloseRule { /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface ForceConnectionCloseRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'force_connection_close'; /** * The parameters configuring the rule's action. */ action_parameters?: unknown; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: ForceConnectionCloseRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: ForceConnectionCloseRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace ForceConnectionCloseRuleParam { /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface LogCustomFieldRule { /** * The timestamp of when the rule was last modified. */ last_updated: string; /** * The version of the rule. */ version: string; /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'log_custom_field'; /** * The parameters configuring the rule's action. */ action_parameters?: LogCustomFieldRule.ActionParameters; /** * The categories of the rule. */ categories?: Array<string>; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: LogCustomFieldRule.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: Logging; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: LogCustomFieldRule.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace LogCustomFieldRule { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The cookie fields to log. */ cookie_fields?: Array<ActionParameters.CookieField>; /** * The raw response fields to log. */ raw_response_fields?: Array<ActionParameters.RawResponseField>; /** * The raw request fields to log. */ request_fields?: Array<ActionParameters.RequestField>; /** * The transformed response fields to log. */ response_fields?: Array<ActionParameters.ResponseField>; /** * The transformed request fields to log. */ transformed_request_fields?: Array<ActionParameters.TransformedRequestField>; } export namespace ActionParameters { /** * The cookie field to log. */ export interface CookieField { /** * The name of the cookie. */ name: string; } /** * The raw response field to log. */ export interface RawResponseField { /** * The name of the response header. */ name: string; /** * Whether to log duplicate values of the same header. */ preserve_duplicates?: boolean; } /** * The raw request field to log. */ export interface RequestField { /** * The name of the header. */ name: string; } /** * The transformed response field to log. */ export interface ResponseField { /** * The name of the response header. */ name: string; /** * Whether to log duplicate values of the same header. */ preserve_duplicates?: boolean; } /** * The transformed request field to log. */ export interface TransformedRequestField { /** * The name of the header. */ name: string; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over which the counter is being incremented. */ period: number; /** * An expression that defines when the rate limit counter should be incremented. It * defaults to the same as the rule's expression. */ counting_expression?: string; /** * Period of time in seconds after which the action will be disabled following its * first execution. */ mitigation_timeout?: number; /** * The threshold of requests per period after which the action will be executed for * the first time. */ requests_per_period?: number; /** * Whether counting is only performed when an origin is reached. */ requests_to_origin?: boolean; /** * The score threshold per period for which the action will be executed the first * time. */ score_per_period?: number; /** * A response header name provided by the origin, which contains the score to * increment rate limit counter with. */ score_response_header_name?: string; } } export interface LogCustomFieldRuleParam { /** * The unique ID of the rule. */ id?: string; /** * The action to perform when the rule matches. */ action?: 'log_custom_field'; /** * The parameters configuring the rule's action. */ action_parameters?: LogCustomFieldRuleParam.ActionParameters; /** * An informative description of the rule. */ description?: string; /** * Whether the rule should be executed. */ enabled?: boolean; /** * Configuration for exposed credential checking. */ exposed_credential_check?: LogCustomFieldRuleParam.ExposedCredentialCheck; /** * The expression defining which traffic will match the rule. */ expression?: string; /** * An object configuring the rule's logging behavior. */ logging?: LoggingParam; /** * An object configuring the rule's rate limit behavior. */ ratelimit?: LogCustomFieldRuleParam.Ratelimit; /** * The reference of the rule (the rule's ID by default). */ ref?: string; } export namespace LogCustomFieldRuleParam { /** * The parameters configuring the rule's action. */ export interface ActionParameters { /** * The cookie fields to log. */ cookie_fields?: Array<ActionParameters.CookieField>; /** * The raw response fields to log. */ raw_response_fields?: Array<ActionParameters.RawResponseField>; /** * The raw request fields to log. */ request_fields?: Array<ActionParameters.RequestField>; /** * The transformed response fields to log. */ response_fields?: Array<ActionParameters.ResponseField>; /** * The transformed request fields to log. */ transformed_request_fields?: Array<ActionParameters.TransformedRequestField>; } export namespace ActionParameters { /** * The cookie field to log. */ export interface CookieField { /** * The name of the cookie. */ name: string; } /** * The raw response field to log. */ export interface RawResponseField { /** * The name of the response header. */ name: string; /** * Whether to log duplicate values of the same header. */ preserve_duplicates?: boolean; } /** * The raw request field to log. */ export interface RequestField { /** * The name of the header. */ name: string; } /** * The transformed response field to log. */ export interface ResponseField { /** * The name of the response header. */ name: string; /** * Whether to log duplicate values of the same header. */ preserve_duplicates?: boolean; } /** * The transformed request field to log. */ export interface TransformedRequestField { /** * The name of the header. */ name: string; } } /** * Configuration for exposed credential checking. */ export interface ExposedCredentialCheck { /** * An expression that selects the password used in the credentials check. */ password_expression: string; /** * An expression that selects the user ID used in the credentials check. */ username_expression: string; } /** * An object configuring the rule's rate limit behavior. */ export interface Ratelimit { /** * Characteristics of the request on which the rate limit counter will be * incremented. */ characteristics: Array<string>; /** * Period in seconds over whi