Configure Rules
You can configure Tenant Access Control List (ACL) rules with the Auth0 Management API.
Available actions
You can view, create, update, overwrite, and delete Tenant ACL rules with the Management API.
Action | Endpoint | Required scope |
---|---|---|
View a rule | Get a specific access control list entry for a tenant | read:network_acls |
View all rules | Get all access control list entries for a tenant | read:network_acls |
Create a rule | Create access control list | create:network_acls |
Update a rule | Partial update for an access control list | update:network_acls |
Overwrite a rule | Update access control list | update:network_acls |
Delete a rule | Delete access control list | delete:network_acls |
Parameters
For detailed information about Tenant ACL parameters and how to use them, read Reference.
Parameter | Data type | Description |
---|---|---|
description | string | Describes the purpose or functionality of the rule. |
active | boolean | Enables or disables the rule. |
priority | number | Numerical value that determines the order in which the rule is evaluated. Lower values indicate higher priority. |
rule | object | Contains the following properties: |
Example: Block all traffic from a given country
Here’s an example of a Tenant ACL rule that blocks all incoming traffic from China.
To create a Tenant ACL rule with the Management API:
1. Get a Management API access token with the create:network_acls scope.
2. Call the Management API Create access control list endpoint with the following body:

```json
{
  "description": "Block all traffic from China",
  "active": true,
  "priority": 1,
  "rule": {
    "action": { "block": true },
    "match": { "geo_country_codes": ["CN"] },
    "scope": "authentication"
  }
}
```
```go
package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	ctx := context.Background()

	// Authenticate to the Management API with client credentials.
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials(ctx, "{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	// Rule definition: block authentication traffic whose country code is CN.
	networkACL := &management.NetworkACL{
		Description: auth0.String("Block all traffic from China"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(1),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Block: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"CN"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(ctx, networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}
```
```typescript
const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
  description: "Block all traffic from China",
  active: true,
  priority: 1,
  rule: {
    action: {
      block: true
    },
    match: {
      geo_country_codes: ["CN"]
    },
    scope: "authentication"
  }
};

const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
```
```hcl
resource "auth0_network_acl" "block_traffic_acl" {
  description = "Block all traffic from China"
  active      = true
  priority    = 1

  rule {
    action {
      block = true
    }
    match {
      geo_country_codes = ["CN"]
    }
    scope = "authentication"
  }
}
```
```yaml
networkACLs:
  - description: Block all traffic from China
    active: true
    priority: 1
    rule:
      action:
        block: true
      match:
        geo_country_codes:
          - CN
      scope: authentication
```
```bash
auth0 network-acl create \
  --description "Block all traffic from China" \
  --priority 1 \
  --active true \
  --rule '{"action":{"block":true},"match":{"geo_country_codes":["CN"]},"scope":"authentication"}'
```
Toggle monitoring mode for a rule
You can enable or disable monitoring mode for a Tenant ACL rule by setting the rule.action.log property to true or false, respectively.
Example: Enable monitoring mode for an existing Tenant ACL rule
To enable monitoring mode for a Tenant ACL rule with the Management API:
1. Get a Management API access token with the update:network_acls scope.
2. Call the Management API Partial update for an access control list endpoint with the following body:

```json
{
  "rule": {
    "action": { "log": true },
    "scope": "authentication"
  }
}
```
```go
package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	ctx := context.Background()

	// Authenticate to the Management API with client credentials.
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials(ctx, "{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	// Partial update: only the rule's action and scope are sent.
	networkACL := &management.NetworkACL{
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Log: auth0.Bool(true),
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Patch(ctx, "YOUR_TENANT_ACL_ID", networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been updated to enable monitoring mode")
}
```
```typescript
const updateNetworkAclPayload: Management.UpdateNetworkAclRequestContent = {
  rule: {
    action: {
      log: true,
    },
    scope: "authentication"
  }
};

const updateNetworkAcl = await client.networkAcls.update("YOUR_TENANT_ACL_ID", updateNetworkAclPayload);
```
```hcl
resource "auth0_network_acl" "block_traffic_acl" {
  description = "Block all traffic from China"
  active      = true
  priority    = 1

  rule {
    action {
      block = true
      log   = true
    }
    match {
      geo_country_codes = ["CN"]
    }
    scope = "authentication"
  }
}
```
```yaml
networkACLs:
  - description: Block all traffic from China
    active: true
    priority: 1
    rule:
      action:
        block: true
        log: true
      match:
        geo_country_codes:
          - CN
      scope: authentication
```
```bash
auth0 network-acl update YOUR_TENANT_ACL_ID --action log
```
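For reviewing a ruleset before changing priorities or toggling monitoring mode, the following added example (not Auth0's code) parses rules in the JSON shape shown above, sorts them by ascending priority, and labels each one as disabled, monitor, or enforce. The type and function names and the sample ruleset are assumptions made for this illustration; only the "CN" rule comes from this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// ACL holds the rule fields from this page that the review needs (hypothetical type).
type ACL struct {
	Description string `json:"description"`
	Active      bool   `json:"active"`
	Priority    int    `json:"priority"`
	Rule        struct {
		Action struct{ Log bool `json:"log"` } `json:"action"`
	} `json:"rule"`
}

// Mode labels a rule: disabled, monitor (rule.action.log is true), or enforce.
func Mode(a ACL) string {
	switch {
	case !a.Active:
		return "disabled"
	case a.Rule.Action.Log:
		return "monitor"
	}
	return "enforce"
}

// EvaluationOrder parses a JSON array of rules and sorts it by ascending priority (lower value = higher priority).
func EvaluationOrder(raw []byte) (acls []ACL, err error) {
	err = json.Unmarshal(raw, &acls)
	sort.SliceStable(acls, func(i, j int) bool { return acls[i].Priority < acls[j].Priority })
	return acls, err
}

// Constructed sample ruleset; only the "CN" entry is taken from this page.
const sample = `[{"description":"Monitor XX","active":true,"priority":3,"rule":{"action":{"log":true},"match":{"geo_country_codes":["XX"]}}},
{"description":"Block all traffic from China","active":true,"priority":1,"rule":{"action":{"block":true},"match":{"geo_country_codes":["CN"]}}},
{"description":"Retired rule","active":false,"priority":2,"rule":{"action":{"block":true},"match":{"geo_country_codes":["YY"]}}}]`

func main() {
	acls, err := EvaluationOrder([]byte(sample))
	if err != nil {
		panic(err)
	}
	for _, a := range acls {
		fmt.Printf("%d %-8s %s\n", a.Priority, Mode(a), a.Description)
	}
}
```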