@@ -391,7 +391,7 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
391391| Selector | Operator | Value | Logic | Action |
392392| ---------------- | -------- | ------------- | ----- | ------ |
393393| Application | in | _ Salesforce_ | And | Block |
394- | User Group Names | in | _ Contractors _ | | |
394+ | User Group Names | in | ` Contractors ` | | |
395395
396396</TabItem >
397397
@@ -424,40 +424,141 @@ The following example includes two policies. The first policy allows the specifi
424424
425425### 1. Allow a group
426426
427+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
428+
427429| Selector | Operator | Value | Logic | Action |
428430| ------------------ | -------- | ----------------- | ----- | ------ |
429431| Content Categories | in | _ Social Networks_ | And | Allow |
430- | User Group Names | in | _ marketing-team_ | | |
432+ | User Group Names | in | ` Marketing ` | | |
433+
434+ </TabItem >
435+
436+ <TabItem label = " API" >
437+
438+ ``` sh
439+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
440+ --header " Content-Type: application/json" \
441+ --header " Authorization: Bearer <API_TOKEN>" \
442+ --data ' {
443+ "name": "Allow social media for Marketing",
444+ "description": "Allow access to social media sites for users in the Marketing group",
445+ "precedence": 1,
446+ "enabled": true,
447+ "action": "allow",
448+ "filters": [
449+ "dns"
450+ ],
451+ "traffic": "any(dns.content_category[*] in {149})",
452+ "identity": "any(identity.groups.name[*] in {\"Marketing\"})",
453+ }'
454+ ```
455+
456+ </TabItem > </Tabs >
431457
432458### 2. Block all other users
433459
460+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
461+
434462| Selector | Operator | Value | Action |
435463| ------------------ | -------- | ----------------- | ------ |
436464| Content Categories | in | _ Social Networks_ | Block |
437465
466+ </TabItem >
467+
468+ <TabItem label = " API" >
469+
470+ ``` sh
471+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
472+ --header " Content-Type: application/json" \
473+ --header " Authorization: Bearer <API_TOKEN>" \
474+ --data ' {
475+ "name": "Block social media",
476+ "description": "Block social media for all other users",
477+ "precedence": 2,
478+ "enabled": true,
479+ "action": "block",
480+ "filters": [
481+ "dns"
482+ ],
483+ "traffic": "any(dns.content_category[*] in {149})",
484+ "identity": "",
485+ }'
486+ ```
487+
488+ </TabItem > </Tabs >
489+
438490## Control IP version
439491
440492Enterprise users can pair these policies with an [ egress policy] ( /cloudflare-one/policies/gateway/egress-policies/ ) to control which IP address is used to egress to the origin server.
441493
442494:::note
443-
444- To ensure traffic routes via your preferred IP version, disable ** Display block page** .
495+ To ensure traffic routes through your preferred IP version, disable ** Display block page** .
445496:::
446497
447498### Force IPv4
448499
449- Force users to connect with IPv4.
500+ Force users to connect with IPv4 by blocking IPv6 resolution.
501+
502+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
450503
451504| Selector | Operator | Value | Logic | Action |
452505| ----------------- | -------- | ------------- | ----- | ------ |
453506| Query Record Type | is | _ AAAA_ | And | Block |
454507| Domain | is | ` example.com ` | | |
455508
509+ </TabItem >
510+
511+ <TabItem label = " API" >
512+
513+ ``` sh
514+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
515+ --header " Content-Type: application/json" \
516+ --header " Authorization: Bearer <API_TOKEN>" \
517+ --data ' {
518+ "name": "Force IPv4",
519+ "description": "Force users to connect with IPv4 by blocking IPv6 resolution",
520+ "enabled": true,
521+ "action": "block",
522+ "filters": [
523+ "dns"
524+ ],
525+ "traffic": "dns.query_rtype == \"AAAA\" and any(dns.domains[*] == \"example.com\")",
526+ "identity": "",
527+ }'
528+ ```
529+
530+ </TabItem > </Tabs >
531+
456532### Force IPv6
457533
458- Force users to connect with IPv6.
534+ Force users to connect with IPv6 by blocking IPv4 resolution.
535+
536+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
459537
460538| Selector | Operator | Value | Logic | Action |
461539| ----------------- | -------- | ------------- | ----- | ------ |
462540| Query Record Type | is | _ A_ | And | Block |
463541| Domain | is | ` example.com ` | | |
542+
543+ </TabItem >
544+
545+ <TabItem label = " API" >
546+
547+ ``` sh
548+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
549+ --header " Content-Type: application/json" \
550+ --header " Authorization: Bearer <API_TOKEN>" \
551+ --data ' {
552+ "name": "Force IPv6",
553+ "description": "Force users to connect with IPv6 by blocking IPv4 resolution",
554+ "enabled": true,
555+ "action": "block",
556+ "filters": [
557+ "dns"
558+ ],
559+ "traffic": "dns.query_rtype == \"A\" and any(dns.domains[*] == \"example.com\")",
560+ "identity": "",
561+ }'
562+ ```
563+
564+ </TabItem > </Tabs >
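Review bot: each of the four added JSON payloads leaves a trailing comma on its last member (`"identity": "",` directly before `}'`, and the `"identity": "any(identity.groups.name[*] in {\"Marketing\"})",` line in the Allow example), which is not valid JSON, so a reader who copies any of these curl commands sends a body that a strict JSON parser will reject. Remove the comma after the final `"identity"` value in all four blocks. Two smaller points: the Force IPv4 and Force IPv6 payloads omit `"precedence"` while the two social media payloads set it to 1 and 2, so either add it or note that it is optional; and since the block rule at precedence 2 catches every user the allow rule does not match, the text should say that `Marketing` (changed here from `marketing-team`) has to match the group name exactly as it appears in `identity.groups.name`.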