@@ -320,9 +320,37 @@ If you are using the [Browser Isolation add-on](/cloudflare-one/policies/browser
320320
321321When accessing origin servers with certificates not signed by a public certificate authority, you must bypass TLS decryption.
322322
323- | Selector | Operator | Value | Action |
324- | -------- | -------- | ------------------- | -------------- |
325- | Domain | in | ` internal.site.com ` | Do Not Inspect |
323+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
324+
325+ | Selector | Operator | Value | Action |
326+ | -------- | -------- | ---------------------- | -------------- |
327+ | Domain | in | ` internal.example.com ` | Do Not Inspect |
328+
329+ </TabItem >
330+
331+ <TabItem label = " API" >
332+
333+ ``` sh
334+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
335+ --header " Content-Type: application/json" \
336+ --header " Authorization: Bearer <API_TOKEN>" \
337+ --data ' {
338+ "name": "Bypass internal site inspection",
339+ "description": "Bypass TLS decryption for internal sites with self-signed certificates",
340+ "enabled": true,
341+ "action": "off",
342+ "filters": [
343+ "http"
344+ ],
345+ "traffic": "any(http.conn.domains[*] in {\"internal.example.com\"})",
346+ "identity": "",
347+ "device_posture": ""
348+ }'
349+ ```
350+
351+ </TabItem > </Tabs >
352+
353+ ## Block file types
326354
327355<Render file = " gateway/policies/block-file-types" />
328356
@@ -332,29 +360,72 @@ For more information on supported file types, refer to [Download and Upload File
332360
333361To enable Gateway inspection for Google Drive traffic, you must [ add a Cloudflare certificate to Google Drive] ( /cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#google-drive-for-desktop ) .
334362
335- ### Block Google Drive uploads
336-
337- Block file uploads to Google Drive.
338-
339- | Selector | Operator | Value | Logic | Action |
340- | ---------------- | ------------- | ------------ | ----- | ------ |
341- | Application | in | Google Drive | And | Block |
342- | Upload Mime Type | matches regex | ` .* ` | | |
343-
344363### Block Google Drive downloads
345364
346365Block file downloads from Google Drive.
347366
367+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
368+
348369| Selector | Operator | Value | Logic | Action |
349370| ---------------- | ------------- | -------------------------- | ----- | ------ |
350- | Application | in | Google Drive | And | Block |
371+ | Application | in | _ Google Drive _ | And | Block |
351372| URL Path & Query | matches regex | ` .*(e=download\|export).* ` | | |
352373
374+ </TabItem >
375+
376+ <TabItem label = " API" >
377+
378+ ``` sh
379+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
380+ --header " Content-Type: application/json" \
381+ --header " Authorization: Bearer <API_TOKEN>" \
382+ --data ' {
383+ "name": "Block Google Drive downloads",
384+ "description": "Block file downloads from Google Drive",
385+ "enabled": true,
386+ "action": "block",
387+ "filters": [
388+ "http"
389+ ],
390+ "traffic": "any(app.ids[*] in {554}) and http.request.uri.path_and_query matches \".*(e=download\\|export).*\"",
391+ "identity": "",
392+ "device_posture": ""
393+ }'
394+ ```
395+
396+ </TabItem > </Tabs >
397+
353398### Block Gmail downloads
354399
355400Block file downloads from Gmail.
356401
402+ <Tabs syncKey = " dashPlusAPI" > <TabItem label = " Dashboard" >
403+
357404| Selector | Operator | Value | Logic | Action |
358405| ---------------- | -------- | --------------------------------------- | ----- | ------ |
359406| Host | is | ` mail-attachment.googleusercontent.com ` | And | Block |
360407| URL Path & Query | is | ` /attachment/u/0 ` | | |
408+
409+ </TabItem >
410+
411+ <TabItem label = " API" >
412+
413+ ``` sh
414+ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
415+ --header " Content-Type: application/json" \
416+ --header " Authorization: Bearer <API_TOKEN>" \
417+ --data ' {
418+ "name": "Block Gmail downloads",
419+ "description": "Block file downloads from Gmail",
420+ "enabled": true,
421+ "action": "block",
422+ "filters": [
423+ "http"
424+ ],
425+ "traffic": "http.request.host == \"mail-attachment.googleusercontent.com\" and http.request.uri.path_and_query matches \"/attachment/u/0\"",
426+ "identity": "",
427+ "device_posture": ""
428+ }'
429+ ```
430+
431+ </TabItem > </Tabs >
0 commit comments