Skip to content

GatewayConfiguration

Source: src/Cloudflare/Gateway/Configuration.ts

Manages the singleton Cloudflare Zero Trust Gateway configuration for an account (/accounts/{accountId}/gateway/configuration) — account-wide settings like activity logging, TLS decryption, the block page, anti-virus scanning, and browser isolation.

The singleton always exists, so reconcile patches only the settings blocks you declare and never clobbers unmanaged blocks. The pre-management value of each managed block is captured on first touch and restored on destroy (capture-and-restore). Blocks that were unset before Alchemy managed them cannot be restored (Cloudflare’s API has no way to unset a block) — destroy leaves the last managed value and logs a warning.

Managing Gateway settings

Section titled “Managing Gateway settings”

Enable activity logging and TLS decryption

yield* Cloudflare.GatewayConfiguration("Gateway", {
  settings: {
    activityLog: { enabled: true },
    tlsDecrypt: { enabled: true },
  },
});

Custom block page

yield* Cloudflare.GatewayConfiguration("Gateway", {
  settings: {
    blockPage: {
      enabled: true,
      headerText: "Blocked by IT",
      footerText: "Contact support@example.com",
      backgroundColor: "#1f2937",
    },
  },
});

TLS interception

Section titled “TLS interception”
const cert = yield* Cloudflare.GatewayCertificate("InspectionCa", {});
yield* Cloudflare.GatewayConfiguration("Gateway", {
  settings: {
    tlsDecrypt: { enabled: true },
    certificate: { id: cert.certificateId },
  },
});