> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve account's firewall rules across all domains > Returns all firewall rules across all domains belonging to the authenticated account. Supports filtering, ordering, and pagination. ## OpenAPI ````yaml /api-reference/services_documented/waap_api.yaml get /waap/v2/firewall-rules openapi: 3.1.0 info: title: Gcore OpenAPI – WAAP API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-15T06:37:28.230198+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: WAAP Service x-displayName: WAAP Service - name: Domains x-displayName: Domains - name: Policies x-displayName: Policies - name: Analytics x-displayName: Analytics - name: Custom Page Sets x-displayName: Custom Page Sets - name: Custom Rules x-displayName: Custom Rules - name: Filter Templates x-displayName: Filter Templates - name: Firewall Rules x-displayName: Firewall Rules - name: Advanced Rules x-displayName: Advanced Rules - name: Tags x-displayName: Tags - name: Network Organizations x-displayName: Network Organizations - name: API Discovery x-displayName: API Discovery - name: IP Spotlight x-displayName: IP Spotlight - name: Security Insights x-displayName: Security Insights - name: IP Reputation x-displayName: IP Reputation paths: /waap/v2/firewall-rules: get: tags: - Firewall Rules summary: Retrieve account's firewall rules across all domains description: >- Returns all firewall rules across all domains belonging to the authenticated account. Supports filtering, ordering, and pagination. operationId: get_account_firewall_rules_v2_firewall_rules_get parameters: - name: ordering in: query required: false schema: anyOf: - enum: - id - name - description - enabled - action - '-id' - '-name' - '-description' - '-enabled' - '-action' type: string - type: 'null' description: Order results by field (prefix with - for descending) title: Ordering description: Order results by field (prefix with - for descending) - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 0 description: Number of items to return default: 100 title: Limit description: Number of items to return - name: offset in: query required: false schema: type: integer maximum: 100000 minimum: 0 description: Number of items to skip default: 0 title: Offset description: Number of items to skip - name: name in: query required: false schema: type: string description: Filter rules by name (supports wildcards) example: Block by specific IP rule. examples: - Block by specific IP rule. title: Name description: Filter rules by name (supports wildcards) - name: description in: query required: false schema: type: string description: Filter rules by description (supports wildcards) example: Blocks all requests from a specific IP address. examples: - Blocks all requests from a specific IP address. title: Description description: Filter rules by description (supports wildcards) - name: action in: query required: false schema: $ref: '#/components/schemas/FirewallRuleActionType' description: Filter by action type examples: - allow description: Filter by action type - name: enabled in: query required: false schema: type: boolean description: Filter by enabled status example: true examples: - true title: Enabled description: Filter by enabled status - name: domain_ids in: query required: false schema: type: array items: type: integer description: Filter by domain IDs (can specify multiple) example: - 123 - 456 examples: - - 123 - 456 title: Domain Ids description: Filter by domain IDs (can specify multiple) responses: '200': description: Successful Response content: application/json: schema: $ref: >- #/components/schemas/PaginatedResponse_AccountFirewallRuleResponse_ '400': content: application/problem+json: schema: $ref: '#/components/schemas/APIError' example: type: http-bad-request title: Bad Request status: 400 detail: 'Invalid domain name: ''''''''' description: Bad Request '401': description: Unauthorized content: application/problem+json: example: detail: Auth token is missing or invalid '403': description: Unauthenticated content: application/problem+json: example: detail: Permission denied '404': content: application/problem+json: schema: $ref: '#/components/schemas/APIError' example: type: http-not-found title: Not Found status: 404 detail: The resource is not found description: Not Found '422': content: application/problem+json: schema: $ref: '#/components/schemas/APICompositeError' example: type: request-validation-failed title: Request validation error. status: 422 detail: One or more fields have validation errors. errors: - loc: - body - name detail: Input should be a valid string - loc: - body - date detail: Field required - loc: - query - limit detail: Field required description: Unprocessable Entity '500': content: application/problem+json: schema: $ref: '#/components/schemas/APIError' example: type: internal-server-error title: Internal server error. status: 500 detail: >- An unexpected condition was encountered which prevented the server from fulfilling the request. description: Internal Server Error components: schemas: FirewallRuleActionType: type: string enum: - allow - block title: FirewallRuleActionType PaginatedResponse_AccountFirewallRuleResponse_: properties: limit: type: integer title: Limit description: Number of items requested in the response offset: type: integer title: Offset description: Items response offset used count: type: integer title: Count description: Number of items contain in the response results: items: $ref: '#/components/schemas/AccountFirewallRuleResponse' type: array title: Results description: List of items returned in the response following given criteria type: object required: - limit - offset - count - results title: PaginatedResponse[AccountFirewallRuleResponse] APIError: properties: type: type: string title: Type description: A URI identifier that categorizes the type of error. title: type: string title: Title description: A brief, human-readable title for the error. status: type: integer title: Status description: The HTTP status code applicable to this error. detail: anyOf: - type: string - type: 'null' title: Detail description: A detailed human-readable explanation of the error. type: object required: - type - title - status - detail title: APIError APICompositeError: properties: type: type: string title: Type description: A URI identifier that categorizes the type of error. title: type: string title: Title description: A brief, human-readable title for the error. status: type: integer title: Status description: The HTTP status code applicable to this error. detail: anyOf: - type: string - type: 'null' title: Detail description: A detailed human-readable explanation of the error. errors: items: $ref: '#/components/schemas/APIFieldError' type: array title: Errors description: A list of detailed errors for individual fields. type: object required: - type - title - status - detail - errors title: APICompositeError AccountFirewallRuleResponse: properties: name: type: string maxLength: 100 minLength: 1 pattern: ^[A-Za-z0-9\s.:'";<>?&|\\]+$ title: Name description: The name assigned to the rule example: Block foobar bot examples: - Block foobar bot description: type: string maxLength: 100 title: Description description: The description assigned to the rule enabled: type: boolean title: Enabled description: Whether or not the rule is enabled action: $ref: '#/components/schemas/FirewallRuleAction' description: The action that the rule takes when triggered conditions: items: $ref: '#/components/schemas/FirewallRuleCondition' type: array maxItems: 1 minItems: 1 title: Conditions description: The condition required for the WAAP engine to trigger the rule. id: type: integer title: Id description: The unique identifier of the rule domain: $ref: '#/components/schemas/app__models__domains__DomainInfo' description: The domain this firewall rule belongs to type: object required: - name - enabled - action - conditions - id - domain title: AccountFirewallRuleResponse description: Firewall rule response for account-level queries with domain information APIFieldError: properties: loc: anyOf: - items: anyOf: - type: integer - type: string type: array - {} title: Loc description: The location of the field or a character number causing the error. detail: type: string title: Detail description: A human-readable message describing the error. type: object required: - loc - detail title: APIFieldError FirewallRuleAction: properties: allow: anyOf: - $ref: '#/components/schemas/RuleAllowAction' - type: 'null' block: anyOf: - $ref: '#/components/schemas/RuleBlockAction' - type: 'null' additionalProperties: false type: object title: FirewallRuleAction description: The action that a firewall rule takes when triggered FirewallRuleCondition: properties: ip: $ref: '#/components/schemas/IpCondition' ip_range: $ref: '#/components/schemas/IpRangeCondition' additionalProperties: false type: object title: FirewallRuleCondition description: >- The criteria of an incoming web request and the models of the various values those criteria can take app__models__domains__DomainInfo: properties: id: type: integer title: Id description: The domain ID name: type: string title: Name description: The domain name type: object required: - id - name title: DomainInfo description: Minimal domain information for inclusion in resource responses RuleAllowAction: properties: {} additionalProperties: true type: object title: RuleAllowAction description: The WAAP allows the request RuleBlockAction: properties: status_code: $ref: '#/components/schemas/RuleBlockStatusCode' description: >- A custom HTTP status code that the WAAP returns if a rule blocks a request action_duration: type: string maxLength: 10 minLength: 1 pattern: ^[1-9][0-9]*[smhd]?$ title: Action Duration description: >- How long a rule's block action will apply to subsequent requests. Can be specified in seconds or by using a numeral followed by 's', 'm', 'h', or 'd' to represent time format (seconds, minutes, hours, or days). Empty time intervals are not allowed. example: 12h examples: - 12h - 60s - '30' additionalProperties: false type: object title: RuleBlockAction description: >- WAAP block action behavior could be configured with response status code and action duration. IpCondition: properties: negation: type: boolean title: Negation description: >- Whether or not to apply a boolean NOT operation to the rule's condition default: false ip_address: type: string format: ipvanyaddress title: Ip Address description: A single IPv4 or IPv6 address type: object required: - ip_address title: IpCondition description: Match the incoming request against a single IP address IpRangeCondition: properties: negation: type: boolean title: Negation description: >- Whether or not to apply a boolean NOT operation to the rule's condition default: false lower_bound: type: string format: ipvanyaddress title: Lower Bound description: The lower bound IPv4 or IPv6 address to match against upper_bound: type: string format: ipvanyaddress title: Upper Bound description: The upper bound IPv4 or IPv6 address to match against type: object required: - lower_bound - upper_bound title: IpRangeCondition description: Match the incoming request against an IP range RuleBlockStatusCode: type: integer enum: - 403 - 405 - 418 - 429 title: RuleBlockStatusCode description: Designates the HTTP status code to deliver when a request is blocked. securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````