cloudflare
references/ddos/api.md
.md 165 lines
Content
# DDoS API
## Endpoints
### HTTP DDoS (L7)
```typescript
// Zone-level
PUT /zones/{zoneId}/rulesets/phases/ddos_l7/entrypoint
GET /zones/{zoneId}/rulesets/phases/ddos_l7/entrypoint
// Account-level (Enterprise Advanced)
PUT /accounts/{accountId}/rulesets/phases/ddos_l7/entrypoint
GET /accounts/{accountId}/rulesets/phases/ddos_l7/entrypoint
```
### Network DDoS (L3/4)
```typescript
// Account-level only
PUT /accounts/{accountId}/rulesets/phases/ddos_l4/entrypoint
GET /accounts/{accountId}/rulesets/phases/ddos_l4/entrypoint
```
## TypeScript SDK
**SDK Version**: Requires `cloudflare` >= 3.0.0 for ruleset phase methods.
```typescript
import Cloudflare from "cloudflare";
const client = new Cloudflare({ apiToken: process.env.CLOUDFLARE_API_TOKEN });
// STEP 1: Discover managed ruleset ID (required for overrides)
const allRulesets = await client.rulesets.list({ zone_id: zoneId });
const ddosRuleset = allRulesets.result.find(
(r) => r.kind === "managed" && r.phase === "ddos_l7"
);
if (!ddosRuleset) throw new Error("DDoS managed ruleset not found");
const managedRulesetId = ddosRuleset.id;
// STEP 2: Get current HTTP DDoS configuration
const entrypointRuleset = await client.zones.rulesets.phases.entrypoint.get("ddos_l7", {
zone_id: zoneId,
});
// STEP 3: Update HTTP DDoS ruleset with overrides
await client.zones.rulesets.phases.entrypoint.update("ddos_l7", {
zone_id: zoneId,
rules: [
{
action: "execute",
expression: "true",
action_parameters: {
id: managedRulesetId, // From discovery step
overrides: {
sensitivity_level: "medium",
action: "managed_challenge",
},
},
},
],
});
// Network DDoS (account level, L3/4)
const l4Rulesets = await client.rulesets.list({ account_id: accountId });
const l4DdosRuleset = l4Rulesets.result.find(
(r) => r.kind === "managed" && r.phase === "ddos_l4"
);
const l4Ruleset = await client.accounts.rulesets.phases.entrypoint.get("ddos_l4", {
account_id: accountId,
});
```
## Alert Configuration
```typescript
interface DDoSAlertConfig {
name: string;
enabled: boolean;
alert_type: "http_ddos_attack_alert" | "layer_3_4_ddos_attack_alert"
| "advanced_http_ddos_attack_alert" | "advanced_layer_3_4_ddos_attack_alert";
filters?: {
zones?: string[];
hostnames?: string[];
requests_per_second?: number;
packets_per_second?: number;
megabits_per_second?: number;
ip_prefixes?: string[]; // CIDR
ip_addresses?: string[];
protocols?: string[];
};
mechanisms: {
email?: Array<{ id: string }>;
webhooks?: Array<{ id: string }>;
pagerduty?: Array<{ id: string }>;
};
}
// Create alert
await fetch(
`https://api.cloudflare.com/client/v4/accounts/${accountId}/alerting/v3/policies`,
{
method: "POST",
headers: {
Authorization: `Bearer ${apiToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify(alertConfig),
}
);
```
## Typed Override Examples
```typescript
// Override by category
interface CategoryOverride {
action: "execute";
expression: string;
action_parameters: {
id: string;
overrides: {
categories?: Array<{
category: "http-flood" | "http-anomaly" | "udp-flood" | "syn-flood";
sensitivity_level?: "default" | "medium" | "low" | "eoff";
action?: "block" | "managed_challenge" | "challenge" | "log";
}>;
};
};
}
// Override by rule ID
interface RuleOverride {
action: "execute";
expression: string;
action_parameters: {
id: string;
overrides: {
rules?: Array<{
id: string;
action?: "block" | "managed_challenge" | "challenge" | "log";
sensitivity_level?: "default" | "medium" | "low" | "eoff";
}>;
};
};
}
// Example: Override specific adaptive rule
const adaptiveOverride: RuleOverride = {
action: "execute",
expression: "true",
action_parameters: {
id: managedRulesetId,
overrides: {
rules: [
{ id: "...adaptive-origins-rule-id...", sensitivity_level: "low" },
],
},
},
};
```
See [patterns.md](./patterns.md) for complete implementation patterns.