Policy violations
Shortly after you configure Page Shield policies, the Cloudflare dashboard will start displaying any violations of those policies. This information will be available for policies with any action (Allow and Log).
Information about policy violations is also available via GraphQL API and Logpush.
Review policy violations in the dashboard
The policy violation information is available in Security > Page Shield > Policies. It includes the following:
- A sparkline next to the policy name, showing policy violations in the past seven days.
- For policies with associated violations, an expandable details section for each policy, with the top resources present in policy violation events and a sparkline per top resource.
Get policy violations via GraphQL API
Use the Cloudflare GraphQL API to obtain policy violation information through the following dataset:
pageShieldReportsAdaptiveGroups
You can query the dataset for policy violations occurred in the past 30 days.
Use introspection to explore the available fields the GraphQL schema. For more information, refer to Explore the GraphQL schema.
For an introduction to GraphQL querying, refer to Querying basics.
Example
Example GraphQL queryquery PageShieldReports($zoneTag: string, $datetimeStart: string, $datetimeEnd: string) { viewer { zones(filter: {zoneTag: $zoneTag}) { pageShieldReportsAdaptiveGroups(limit: 100, orderBy: [datetime_ASC], filter: {datetime_geq:$datetimeStart, datetime_leq:$datetimeEnd}) { avg { sampleInterval } count dimensions { policyID datetime datetimeMinute datetimeFiveMinutes datetimeFifteenMinutes datetimeHalfOfHour datetimeHour url urlHost host resourceType pageURL action } } } }
}
Example curl request
echo '{ "query": "query PageShieldReports($zoneTag: string, $datetimeStart: string, $datetimeEnd: string) { viewer { zones(filter: {zoneTag: $zoneTag}) { pageShieldReportsAdaptiveGroups(limit: 100, orderBy: [datetime_ASC], filter: {datetime_geq:$datetimeStart, datetime_leq:$datetimeEnd}) { avg { sampleInterval } count dimensions { policyID datetime datetimeMinute datetimeFiveMinutes datetimeFifteenMinutes datetimeHalfOfHour datetimeHour url urlHost host resourceType pageURL action } } } } }", "variables": { "zoneTag": "<CLOUDFLARE_ZONE_ID>", "datetimeStart": "2023-04-17T11:00:00Z", "datetimeEnd": "2023-04-24T12:00:00Z" }}' | tr -d '\n' | curl https://api.cloudflare.com/client/v4/graphql/ \
--header "X-Auth-Email: <CLOUDFLARE_EMAIL>" \
--header "X-Auth-Key: <CLOUDFLARE_API_KEY>" \
--header "Content-Type: application/json" \
--silent \
--data @-
Get policy violations via Logpush
Cloudflare Logpush supports pushing logs to storage services, SIEM systems, and log management providers.
Information about Page Shield policy violations is available in the page_shield_events
dataset.
For more information on configuring Logpush jobs, refer to Logs: Get started.