Modify IP/Geo Firewall settings

put

https://{hostname}/appsec/v1/configs/{configId}/versions/{versionNumber}/security-policies/{policyId}/ip-geo-firewall

All products Update the method and which network lists to use for IP/Geo firewall blocking. In Control Center this method is called mode. In this API the method is called blocked. Use blockSpecificIPGeo to block any IPs, geographies, or network lists you choose with this setting. Use blockAllTrafficExceptAllowedIPs to allow specific IPs or geographies that you choose to let through while the rest remain blocked. IPs you want to allow are contained in the allowedIPNetworkLists. It's important to verify the IPs you block are the ones you intend to block as it's easy to block wanted traffic by accident. Note that subnet controls are a legacy item in Control Center and are not available through this API.

Path Params

configId

int64

required

A unique identifier for each configuration.

versionNumber

integer

required

A unique identifier for each version of a configuration.

policyId

string

required

A unique identifier for a security policy.

Query Params

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

asnControls

object

The network lists you block or allow by AS number.

block

string

enum

required

Prevents or allows requests by IP and geographic location. Value is one of:

blockSpecificIPGeo. Blocks traffic based on the values in your allowed, blocked, and Ukraine control network lists.
blockAllTrafficExceptAllowedIPs. Blocks all traffic except the values in your allowed network lists.

Allowed:

blockAllAction

string

The type of deny action to take. Value is one of:

deny. Default. Blocked traffic gets a 403 response.
deny_custom_{custom_deny_id}. Blocked traffic gets a customized deny response.

geoControls

object

The network lists you block geographically.

ipControls

object

The network lists you block or allow by IP.

ukraineGeoControl

object

The settings for requests to and from Ukraine.

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

200Successfully updated the IP/Geo Firewall settings.

400Invalid. Client error, such as invalid or malformed input.

403Forbidden. You don't have permission to write to this resource.

404Not found. The security policy doesn't exist, doesn't carry application layer controls, or no rule with this ID is available for use in this policy.

500Internal server error. Something went wrong on our side. Try again in a few minutes or contact support if the error persists.