Cloudflare Docs
DDoS Protection
Edit this page
Give us feedback
Set theme to dark (⇧+D)

JSON objects

This page contains examples of the JSON objects used in the API.

​​ Prefix

{
"id": "31c70c65-9f81-4669-94ed-1e1e041e7b06",
"prefix": "192.0.2.0/24",
"comment": "Game ranges",
"excluded": false,
"created_on": "2022-01-01T13:06:04.721954+01:00",
"modified_on": "2022-01-01T13:06:04.721954+01:00"
}

​​ Prefix in allowlist

{
"id": "31c70c65-9f81-4669-94ed-1e1e041e7b06",
"prefix": "192.0.2.0/24",
"comment": "Game ranges",
"enabled": true,
"created_on": "2021-10-01T13:06:04.721954+01:00",
"modified_on": "2021-10-01T13:06:04.721954+01:00"
}

The prefix field can contain an IP address or a CIDR range.

​​ SYN flood rule or out-of-state TCP rule

{
"id": "31c70c65-9f81-4669-94ed-1e1e041e7b06",
"scope": "region",
"name": "WEUR",
"rate_sensitivity": "medium",
"burst_sensitivity": "medium",
"created_on": "2021-10-01T13:10:38.762503+01:00",
"modified_on": "2021-10-01T13:10:38.762503+01:00"
}

The scope field value must be one of global, region, or datacenter. You must provide a region code (or data center code) in the name field when specifying a region (or datacenter) scope.

The rate_sensitivity and burst_sensitivity field values must be one of low, medium, or high.

​​ Filter

{
"id": "20b99eb6-8b48-48dd-a5b9-a995a0843b57",
"expression": "ip.dst in { 192.0.2.0/24 203.0.113.0/24 } and tcp.dstport in { 80 443 10000..65535 }",
"mode": "enabled",
"created_on": "2022-11-01T13:10:38.762503+01:00",
"modified_on": "2022-11-01T13:10:38.762503+01:00"
}

The expression field is a Rules language expression up to 8,192 characters that can include the following fields:

  • ip.src
  • ip.dst
  • tcp.srcport
  • tcp.dstport

The mode value must be one of enabled, disabled, or monitoring.