1: <?php
2:
3: namespace Cloudflare\Zone\Firewall;
4:
5: use Cloudflare\Api;
6: use Cloudflare\Zone;
7: use Cloudflare\Zone\Firewall;
8:
9: /**
10: * CloudFlare API wrapper
11: *
12: * Firewall access rules for a Zone
13: *
14: * @author James Bell <[email protected]>
15: *
16: * @version 1
17: */
18: class AccessRules extends Api
19: {
20: /**
21: * Default permissions level
22: *
23: * @var array
24: */
25: protected $permission_level = ['read' => '#zone:read', 'edit' => '#zone:edit'];
26:
27: /**
28: * List access rules (permission needed: #zone:read)
29: * Search, sort, and filter IP/country access rule
30: *
31: * @param string $zone_id
32: * @param string|null $scope_type The scope of the rules
33: * @param string|null $mode The action to apply to a matched request
34: * @param string|null $configuration_target The rule configuration target
35: * @param string|null $configuration_value Search by IP, range, or country code
36: * @param int|null $page Page number of paginated results
37: * @param int|null $per_page Number of rules per page
38: * @param string|null $order Field to order rules by
39: * @param string|null $direction Direction to order rules
40: * @param string|null $match Whether to match all search requirements or at least one (any)
41: */
42: public function rules($zone_id, $scope_type = null, $mode = null, $configuration_target = null, $configuration_value = null, $page = null, $per_page = null, $order = null, $direction = null, $match = null)
43: {
44: $data = [
45: 'scope_type' => $scope_type,
46: 'mode' => $mode,
47: 'configuration_target' => $configuration_target,
48: 'configuration_value' => $configuration_value,
49: 'page' => $page,
50: 'per_page' => $per_page,
51: 'order' => $order,
52: 'direction' => $direction,
53: 'match' => $match,
54: ];
55:
56: return $this->get('/zones/'.$zone_id.'/firewall/access_rules/rules', $data);
57: }
58:
59: /**
60: * Create access rule (permission needed: #zone:edit)
61: * Make a new IP, IP range, or country access rule for the zone.
62: * Note: If you would like to create an access rule that applies across all of your owned zones, use the user or organization firewall endpoints as appropriate.
63: *
64: * @param string $zone_id
65: * @param string $mode The action to apply to a matched request
66: * @param object $configuration Rule configuration
67: * @param string|null $notes A personal note about the rule. Typically used as a reminder or explanation for the rule.
68: */
69: public function create($zone_id, $mode, $configuration, $notes = null)
70: {
71: $data = [
72: 'mode' => $mode,
73: 'configuration' => $configuration,
74: 'notes' => $notes,
75: ];
76:
77: return $this->post('/zones/'.$zone_id.'/firewall/access_rules/rules', $data);
78: }
79:
80: /**
81: * Update access rule (permission needed: #zone:edit)
82: * Update rule state and/or configuration for the zone.
83: * Note: you can only edit rules in the 'zone' group via this endpoint. Use the appropriate owner rules endpoint if trying to manage owner-level rules
84: *
85: * @param string $zone_id
86: * @param string $identifier
87: * @param string|null $mode The action to apply to a matched request
88: * @param string|null $notes A personal note about the rule. Typically used as a reminder or explanation for the rule.
89: */
90: public function update($zone_id, $identifier, $mode = null, $notes = null)
91: {
92: $data = [
93: 'mode' => $mode,
94: 'notes' => $notes,
95: ];
96:
97: return $this->patch('/zones/'.$zone_id.'/firewall/access_rules/rules/'.$identifier, $data);
98: }
99:
100: /**
101: * Delete access rule (permission needed: #zone:edit)
102: * Remove an access rule so it is no longer evaluated during requests.
103: * Optionally, specify how to delete rules that match the mode and configuration across all other zones that this zone owner manages.
104: * 'none' is the default, and will only delete this rule.
105: * 'basic' will delete rules that match the same mode and configuration.
106: * 'aggressive' will delete rules that match the same configuration.
107: *
108: * @param string $zone_id
109: * @param string $identifier
110: * @param string|null $cascade The level to attempt to delete rules defined on other zones that are similar to this rule
111: */
112: public function delete_rule($zone_id, $identifier, $cascade = null)
113: {
114: $data = [
115: 'cascade' => $cascade,
116: ];
117:
118: return $this->delete('/zones/'.$zone_id.'/firewall/access_rules/rules/'.$identifier, $data);
119: }
120: }
121: