---
title: Firewall events
description: The descriptions below detail the fields available for firewall_events.
image: https://developers.cloudflare.com/core-services-preview.png
---


# Firewall events

The descriptions below detail the fields available for `firewall_events`.

## Action

Type: `string`

The code of the first-class action the Cloudflare Firewall took on this request.   
Possible actions are _unknown_ | _allow_ | _block_ | _challenge_ | _jschallenge_ | _log_ | _connectionclose_ | _challengesolved_ | _challengebypassed_ | _jschallengesolved_ | _jschallengebypassed_ | _bypass_ | _managedchallenge_ | _managedchallengenoninteractivesolved_ | _managedchallengeinteractivesolved_ | _managedchallengebypassed_.

## ClientASN

Type: `int`

The autonomous system number (ASN) of the visitor.

## ClientASNDescription

Type: `string`

The ASN of the visitor as a string.

## ClientCountry

Type: `string`

The country from which the request originated.

## ClientIP

Type: `string`

The visitor's IP address (IPv4 or IPv6).

## ClientIPClass

Type: `string`

The classification of the visitor's IP address. Possible values are: _unknown_ | _badHost_ | _searchEngine_ | _allowlist_ | _monitoringService_ | _noRecord_ | _scan_ | _tor_.

## ClientRefererHost

Type: `string`

The referer host.

## ClientRefererPath

Type: `string`

The referer path requested by the visitor.

## ClientRefererQuery

Type: `string`

The referer query string requested by the visitor.

## ClientRefererScheme

Type: `string`

The referer URL scheme requested by the visitor.

## ClientRequestHost

Type: `string`

The HTTP hostname requested by the visitor.

## ClientRequestMethod

Type: `string`

The HTTP method used by the visitor.

## ClientRequestPath

Type: `string`

The path requested by the visitor.

## ClientRequestProtocol

Type: `string`

The version of the HTTP protocol requested by the visitor.

## ClientRequestQuery

Type: `string`

The query string requested by the visitor.

## ClientRequestScheme

Type: `string`

The URL scheme requested by the visitor.

## ClientRequestUserAgent

Type: `string`

The visitor's user-agent string.

## ContentScanObjResults

Type: `array[string]`

List of content scan results.

## ContentScanObjSizes

Type: `array[int]`

List of content object sizes.

## ContentScanObjTypes

Type: `array[string]`

List of content types.

## Datetime

Type: `int or string`

The date and time the event occurred at the edge.

## Description

Type: `string`

The description of the rule triggered by this request.

## EdgeColoCode

Type: `string`

The airport code of the Cloudflare data center that served this request.

## EdgeResponseStatus

Type: `int`

The HTTP response status code returned to the browser.

## FirewallForAIInjectionScore

Type: `int`

The score indicating the likelihood of a prompt injection attack in the request, as determined by Firewall for AI.

## FirewallForAIPIICategories

Type: `array[string]`

List of PII categories detected in the request by Firewall for AI.

## FirewallForAITokenCount

Type: `int`

The number of tokens in the request, as counted by Firewall for AI.

## FirewallForAIUnsafeTopicCategories

Type: `array[string]`

List of unsafe topic categories detected in the request by Firewall for AI.

## FraudUserID

Type: `string`

A unique identifier generated by the Fraud Detection system for each user, generated during any action determined by the fraud event type.

## Kind

Type: `string`

The kind of event. Currently, the only possible value is _firewall_.

## LeakedCredentialCheckResult

Type: `string`

Result of the check for [leaked credentials](https://developers.cloudflare.com/waf/detections/leaked-credentials/).   
Possible results are: _password\_leaked_ | _username\_and\_password\_leaked_ | _username\_password\_similar_ | _username\_leaked_ | _clean_.

## MatchIndex

Type: `int`

The rule's match index in the chain. The last matching rule will have MatchIndex _0_. If another rule matched before the last one, it will have MatchIndex _1_. The same applies to any other matching rules, which will have a MatchIndex value of _2_, _3_, and so on.
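
The following added example (not part of the Cloudflare documentation) rebuilds the per-request rule chain from `firewall_events` records by grouping on `RayID` and ordering by `MatchIndex`, and flags requests whose chain has gaps. It assumes newline-delimited JSON with one record per matched rule; the sample records, the RayID and RuleID values, and the `rule_chains` helper are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (one JSON object per line); not real log data.
SAMPLE = """\
{"RayID":"ray-aaa","MatchIndex":0,"Action":"block","Source":"firewallcustom","RuleID":"rule-block"}
{"RayID":"ray-aaa","MatchIndex":1,"Action":"log","Source":"firewallmanaged","RuleID":"rule-log"}
{"RayID":"ray-bbb","MatchIndex":0,"Action":"managedchallenge","Source":"firewallcustom","RuleID":"rule-chal"}
{"RayID":"ray-ccc","MatchIndex":1,"Action":"log","Source":"waf","RuleID":"rule-early"}
"""

def rule_chains(ndjson):
    """Group events by RayID and rebuild the order in which rules matched."""
    by_ray = defaultdict(list)
    for line in ndjson.splitlines():
        if line.strip():
            event = json.loads(line)
            by_ray[event["RayID"]].append(event)

    chains = {}
    for ray, events in by_ray.items():
        # Highest MatchIndex matched first; MatchIndex 0 is the last match.
        ordered = sorted(events, key=lambda e: e["MatchIndex"], reverse=True)
        indexes = sorted(e["MatchIndex"] for e in events)
        # A full chain has indexes 0..n-1 with no gaps or duplicates.
        complete = indexes == list(range(len(indexes)))
        last = next((e for e in events if e["MatchIndex"] == 0), None)
        chains[ray] = {
            "order": [e["RuleID"] for e in ordered],
            "last_action": last["Action"] if last else None,
            "complete": complete,
        }
    return chains

if __name__ == "__main__":
    for ray, chain in rule_chains(SAMPLE).items():
        print(ray, chain)
```

A chain reported as incomplete means the batch being analyzed does not hold every record for that request, so conclusions about which rule matched last should wait until the missing records are located.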

## Metadata

Type: `object`

Additional product-specific information. Metadata is organized in key:value pairs. Key and Value formats can vary by Cloudflare security product and can change over time.

## OriginResponseStatus

Type: `int`

The HTTP origin response status code returned to the browser.

## OriginatorRayID

Type: `string`

The RayID of the request that issued the challenge/jschallenge.

## RayID

Type: `string`

The RayID of the request.

## Ref

Type: `string`

The user-defined identifier for the rule triggered by this request. Use refs to label your rules individually alongside the Cloudflare-provided RuleID. You can set refs via the [Rulesets API](https://developers.cloudflare.com/ruleset-engine/rulesets-api/) for some security products.

## RuleID

Type: `string`

The Cloudflare security product-specific RuleID triggered by this request.

## Source

Type: `string`

The Cloudflare security product triggered by this request.   
Possible sources are _unknown_ | _asn_ | _country_ | _ip_ | _iprange_ | _securitylevel_ | _zonelockdown_ | _waf_ | _firewallrules_ | _uablock_ | _ratelimit_ | _bic_ | _hot_ | _l7ddos_ | _validation_ | _botfight_ | _apishield_ | _botmanagement_ | _dlp_ | _firewallmanaged_ | _firewallcustom_ | _apishieldschemavalidation_ | _apishieldtokenvalidation_ | _apishieldsequencemitigation_.

