Skip to content
Cloudflare Docs

Policy violations

Shortly after you configure Page Shield policies, the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any action (Allow and Log).

Information about policy violations is also available via GraphQL API and Logpush.

Review policy violations in the dashboard

The policy violation information is available in Security > Page Shield > Policies. It includes the following:

  • A sparkline next to the policy name, showing policy violations in the past seven days.
  • For policies with associated violations, an expandable details section for each policy, with the top resources present in policy violation events and a sparkline per top resource.

Get policy violations via GraphQL API

Use the Cloudflare GraphQL API to obtain policy violation information through the following dataset:

  • pageShieldReportsAdaptiveGroups

You can query the dataset for policy violations occurred in the past 30 days.

Use introspection to explore the available fields the GraphQL schema. For more information, refer to Explore the GraphQL schema.

For an introduction to GraphQL querying, refer to Querying basics.

Example

Example GraphQL query
query PageShieldReports($zoneTag: string, $datetimeStart: string, $datetimeEnd: string) {
  viewer {
    zones(filter: {zoneTag: $zoneTag}) {
      pageShieldReportsAdaptiveGroups(limit: 100,  orderBy: [datetime_ASC], filter: {datetime_geq:$datetimeStart, datetime_leq:$datetimeEnd}) {
        avg {
          sampleInterval
        }
        count
        dimensions {
          policyID
          datetime
          datetimeMinute
          datetimeFiveMinutes
          datetimeFifteenMinutes
          datetimeHalfOfHour
          datetimeHour
          url
          urlHost
          host
          resourceType
          pageURL
          action
        }
      }
    }
  }
}

Example curl request
Terminal window
echo '{ "query":
  "query PageShieldReports($zoneTag: string, $datetimeStart: string, $datetimeEnd: string) {
    viewer {
      zones(filter: {zoneTag: $zoneTag}) {
        pageShieldReportsAdaptiveGroups(limit: 100,  orderBy: [datetime_ASC], filter: {datetime_geq:$datetimeStart, datetime_leq:$datetimeEnd}) {
          avg {
            sampleInterval
          }
          count
          dimensions {
            policyID
            datetime
            datetimeMinute
            datetimeFiveMinutes
            datetimeFifteenMinutes
            datetimeHalfOfHour
            datetimeHour
            url
            urlHost
            host
            resourceType
            pageURL
            action
          }
        }
      }
    }
  }",
  "variables": {
    "zoneTag": "<CLOUDFLARE_ZONE_ID>",
    "datetimeStart": "2023-04-17T11:00:00Z",
    "datetimeEnd": "2023-04-24T12:00:00Z"
  }
}' | tr -d '\n' | curl --silent \
https://api.cloudflare.com/client/v4/graphql \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data @-

Get policy violations via Logpush

Cloudflare Logpush supports pushing logs to storage services, SIEM systems, and log management providers.

Information about Page Shield policy violations is available in the page_shield_events dataset.

For more information on configuring Logpush jobs, refer to Logs: Get started.

Cloudflare DashboardDiscordCommunityLearning CenterSupport Portal
Cookie Settings