GatewayList

Source: src/Cloudflare/Gateway/List.ts

A Cloudflare Zero Trust Gateway list — a named set of domains, IPs, URLs, emails, serial numbers, or device IDs referenced from Gateway rule wirefilter expressions by UUID ($<listId>).

The list’s type is immutable (changing it replaces the list); name, description, and items all converge in place. Items are managed as a full set — the provider PUTs the complete desired item set and removes anything not declared.

Domain list

const blocked = yield* Cloudflare.GatewayList("BlockedDomains", {
  type: "DOMAIN",
  description: "domains blocked org-wide",
  items: [
    { value: "badsite.example.com" },
    { value: "malware.example.net", description: "known C2" },
  ],
});

IP list

const egress = yield* Cloudflare.GatewayList("OfficeEgress", {
  type: "IP",
  items: [{ value: "203.0.113.0/24" }],
});

// Reference the BlockedDomains list from a DNS rule by its UUID ($<listId>).
yield* Cloudflare.GatewayRule("BlockListedDomains", {
  action: "block",
  filters: ["dns"],
  traffic: `any(dns.domains[*] in $${blocked.listId})`,
});
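
Because items are managed as a full set, an entry added to a list outside the declared configuration is removed on the next deploy. The following added example (not the provider's own code) models the convergence rules above as a pre-deploy drift check; `ListState`, `Plan` and `planConvergence` are hypothetical names, and the sample lists are constructed.

```typescript
// Local model of the documented behaviour; it does not call the Cloudflare API.
interface Item { value: string; description?: string }
interface ListState { type: string; items: Item[] }

type Plan =
  | { action: "replace"; reason: string }
  | { action: "update"; put: Item[]; added: string[]; removed: string[]; changed: string[] };

function planConvergence(live: ListState, desired: ListState): Plan {
  // The type is immutable: a different type means the list is replaced.
  if (live.type !== desired.type) {
    return { action: "replace", reason: `type ${live.type} -> ${desired.type}` };
  }
  const liveByValue = new Map(live.items.map((i) => [i.value, i] as const));
  const wanted = new Set(desired.items.map((i) => i.value));
  const added = desired.items
    .filter((i) => !liveByValue.has(i.value))
    .map((i) => i.value);
  const changed = desired.items
    .filter((i) => liveByValue.has(i.value) &&
      liveByValue.get(i.value)!.description !== i.description)
    .map((i) => i.value);
  // Anything live but not declared is dropped by the full-set PUT.
  const removed = live.items
    .filter((i) => !wanted.has(i.value))
    .map((i) => i.value);
  return { action: "update", put: desired.items, added, removed, changed };
}

// Constructed sample: the live list holds one entry that was added by hand.
const live: ListState = {
  type: "DOMAIN",
  items: [
    { value: "badsite.example.com" },
    { value: "phish.example.org", description: "added by hand during an incident" },
  ],
};
const desired: ListState = {
  type: "DOMAIN",
  items: [
    { value: "badsite.example.com" },
    { value: "malware.example.net", description: "known C2" },
  ],
};
const plan = planConvergence(live, desired);
console.log(JSON.stringify(plan, null, 2));
```

A non-empty `removed` array is the signal to review: either move those entries into the declared `items` or accept that they stop being matched once the list converges.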