Get an account or zone ruleset

client.rulesets.get(, ?, ?): RulesetGetResponse { id, kind, last_updated, 5 more }

GET/{accounts_or_zones}/{account_or_zone_id}/rulesets/{ruleset_id}

Fetches the latest version of an account or zone ruleset.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Mass URL Redirects WriteMass URL Redirects ReadMagic Firewall WriteMagic Firewall ReadL4 DDoS Managed Ruleset WriteL4 DDoS Managed Ruleset ReadTransform Rules WriteTransform Rules ReadSelect Configuration WriteSelect Configuration ReadAccount WAF WriteAccount WAF ReadAccount Rulesets ReadAccount Rulesets WriteLogs WriteLogs Read

ParametersExpand Collapse

rulesetId: string

The unique ID of the ruleset.

params: RulesetGetParams { account_id, zone_id }

account_id?: string

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: string

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

ReturnsExpand Collapse

RulesetGetResponse { id, kind, last_updated, 5 more }

A ruleset object.

id: string

The unique ID of the ruleset.

kind: Kind

The kind of the ruleset.

One of the following:

"managed"

"custom"

"root"

"zone"

last_updated: string

The timestamp of when the ruleset was last modified.

formatdate-time

The human-readable name of the ruleset.

minLength1

phase: Phase

The phase of the ruleset.

One of the following:

"ddos_l4"

"ddos_l7"

"http_config_settings"

"http_custom_errors"

"http_log_custom_fields"

"http_ratelimit"

"http_request_cache_settings"

"http_request_dynamic_redirect"

"http_request_firewall_custom"

"http_request_firewall_managed"

"http_request_late_transform"

"http_request_origin"

"http_request_redirect"

"http_request_sanitize"

"http_request_sbfm"

"http_request_transform"

"http_response_cache_settings"

"http_response_compression"

"http_response_firewall_managed"

"http_response_headers_transform"

"magic_transit"

"magic_transit_ids_managed"

"magic_transit_managed"

"magic_transit_ratelimit"

rules: Array<BlockRule { last_updated, version, id, 10 more } | RulesetsChallengeRule { last_updated, version, id, 10 more } | CompressResponseRule { last_updated, version, id, 10 more } | 17 more>

The list of rules in the ruleset.

One of the following:

BlockRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "block"

The action to perform when the rule matches.

action_parameters?: ActionParameters { response }

The parameters configuring the rule’s action.

response?: Response { content, content_type, status_code }

The response to show when the block is applied.

content: string

The content to return.

minLength1

content_type: string

The type of the content to return.

minLength1

status_code: number

The status code to return.

maximum499

minimum400

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RulesetsChallengeRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "challenge"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

CompressResponseRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "compress_response"

The action to perform when the rule matches.

action_parameters?: ActionParameters { algorithms }

The parameters configuring the rule’s action.

algorithms: Array<Algorithm>

Custom order for compression algorithms.

name?: "none" | "auto" | "default" | 3 more

Name of the compression algorithm to enable.

One of the following:

"none"

"auto"

"default"

"gzip"

"brotli"

"zstd"

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

DDoSDynamicRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "ddos_dynamic"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

ExecuteRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "execute"

The action to perform when the rule matches.

action_parameters?: ActionParameters { id, matched_data, overrides }

The parameters configuring the rule’s action.

id: string

The ID of the ruleset to execute.

matched_data?: MatchedData { public_key }

The configuration to use for matched data logging.

public_key: string

The public key to encrypt matched data logs with.

minLength1

overrides?: Overrides { action, categories, enabled, 2 more }

A set of overrides to apply to the target ruleset.

action?: string

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories?: Array<Category>

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: string

The name of the category to override.

minLength1

action?: string

The action to override rules in the category with.

enabled?: boolean

Whether to enable execution of rules in the category.

sensitivity_level?: "default" | "medium" | "low" | "eoff"

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

enabled?: boolean

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules?: Array<Rule>

A list of rule-level overrides. This option has the highest precedence.

id: string

The ID of the rule to override.

action?: string

The action to override the rule with.

enabled?: boolean

Whether to enable execution of the rule.

score_threshold?: number

The score threshold to use for the rule.

sensitivity_level?: "default" | "medium" | "low" | "eoff"

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

sensitivity_level?: "default" | "medium" | "low" | "eoff"

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

ForceConnectionCloseRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "force_connection_close"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RulesetsJSChallengeRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "js_challenge"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

LogRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "log"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

LogCustomFieldRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "log_custom_field"

The action to perform when the rule matches.

action_parameters?: ActionParameters { cookie_fields, raw_response_fields, request_fields, 2 more }

The parameters configuring the rule’s action.

cookie_fields?: Array<CookieField>

The cookie fields to log.

The name of the cookie.

minLength1

raw_response_fields?: Array<RawResponseField>

The raw response fields to log.

The name of the response header.

minLength1

preserve_duplicates?: boolean

Whether to log duplicate values of the same header.

request_fields?: Array<RequestField>

The raw request fields to log.

The name of the header.

minLength1

response_fields?: Array<ResponseField>

The transformed response fields to log.

The name of the response header.

minLength1

preserve_duplicates?: boolean

Whether to log duplicate values of the same header.

transformed_request_fields?: Array<TransformedRequestField>

The transformed request fields to log.

The name of the header.

minLength1

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

ManagedChallengeRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "managed_challenge"

The action to perform when the rule matches.

action_parameters?: unknown

The parameters configuring the rule’s action.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RedirectRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "redirect"

The action to perform when the rule matches.

action_parameters?: ActionParameters { from_list, from_value }

The parameters configuring the rule’s action.

from_list?: FromList { key, name }

A redirect based on a bulk list lookup.

key: string

An expression that evaluates to the list lookup key.

minLength1

The name of the list to match against.

from_value?: FromValue { target_url, preserve_query_string, status_code }

A redirect based on the request properties.

target_url: TargetURL { expression, value }

A URL to redirect the request to.

expression?: string

An expression that evaluates to a URL to redirect the request to.

minLength1

value?: string

A URL to redirect the request to.

minLength1

preserve_query_string?: boolean

Whether to keep the query string of the original request.

status_code?: 301 | 302 | 303 | 2 more

The status code to use for the redirect.

One of the following:

301

302

303

307

308

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RewriteRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "rewrite"

The action to perform when the rule matches.

action_parameters?: ActionParameters { headers, uri }

The parameters configuring the rule’s action.

headers?: Record<string, AddStaticHeader { operation, value } | AddDynamicHeader { expression, operation } | SetStaticHeader { operation, value } | 2 more>

A map of headers to rewrite.

One of the following:

AddStaticHeader { operation, value }

A header with a static value to add.

operation: "add"

The operation to perform on the header.

value: string

A static value for the header.

minLength1

AddDynamicHeader { expression, operation }

A header with a dynamic value to add.

expression: string

An expression that evaluates to a value for the header.

minLength1

operation: "add"

The operation to perform on the header.

SetStaticHeader { operation, value }

A header with a static value to set.

operation: "set"

The operation to perform on the header.

value: string

A static value for the header.

minLength1

SetDynamicHeader { expression, operation }

A header with a dynamic value to set.

expression: string

An expression that evaluates to a value for the header.

minLength1

operation: "set"

The operation to perform on the header.

RemoveHeader { operation }

A header to remove.

operation: "remove"

The operation to perform on the header.

uri?: URIPath { path, origin } | URIQuery { query, origin }

A URI path rewrite.

One of the following:

URIPath { path, origin }

A URI path rewrite.

path: Path { expression, value }

A URI path rewrite.

expression?: string

An expression that evaluates to a value to rewrite the URI path to.

minLength1

value?: string

A value to rewrite the URI path to.

minLength1

origin?: boolean

Whether to propagate the rewritten URI to origin.

URIQuery { query, origin }

A URI query rewrite.

query: Query { expression, value }

A URI query rewrite.

expression?: string

An expression that evaluates to a value to rewrite the URI query to.

minLength1

value?: string

A value to rewrite the URI query to.

origin?: boolean

Whether to propagate the rewritten URI to origin.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RouteRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "route"

The action to perform when the rule matches.

action_parameters?: ActionParameters { host_header, origin, sni }

The parameters configuring the rule’s action.

host_header?: string

A value to rewrite the HTTP host header to.

minLength1

origin?: Origin { host, port }

An origin to route to.

host?: string

A resolved host to route to.

minLength1

port?: number

A destination port to route to.

maximum65535

minimum1

sni?: SNI { value }

A Server Name Indication (SNI) override.

value: string

A value to override the SNI to.

minLength1

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

ScoreRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "score"

The action to perform when the rule matches.

action_parameters?: ActionParameters { increment }

The parameters configuring the rule’s action.

increment: number

A delta to change the score by, which can be either positive or negative.

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

ServeErrorRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "serve_error"

The action to perform when the rule matches.

action_parameters?: ActionParametersContent { content, content_type, status_code } | ActionParametersAsset { asset_name, content_type, status_code }

The parameters configuring the rule’s action.

One of the following:

ActionParametersContent { content, content_type, status_code }

content: string

The response content.

minLength1

content_type?: "application/json" | "text/html" | "text/plain" | "text/xml"

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code?: number

The status code to use for the error.

maximum999

minimum400

ActionParametersAsset { asset_name, content_type, status_code }

asset_name: string

The name of a custom asset to serve as the error response.

minLength1

content_type?: "application/json" | "text/html" | "text/plain" | "text/xml"

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code?: number

The status code to use for the error.

maximum999

minimum400

categories?: Array<string>

The categories of the rule.

description?: string

An informative description of the rule.

enabled?: boolean

Whether the rule should be executed.

exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression }

Configuration for exposed credential checking.

password_expression: string

An expression that selects the password used in the credentials check.

minLength1

username_expression: string

An expression that selects the user ID used in the credentials check.

minLength1

expression?: string

The expression defining which traffic will match the rule.

minLength1

logging?: Logging { enabled }

An object configuring the rule’s logging behavior.

enabled: boolean

Whether to generate a log when the rule matches.

ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more }

An object configuring the rule’s rate limit behavior.

characteristics: Array<string>

Characteristics of the request on which the rate limit counter will be incremented.

period: number

Period in seconds over which the counter is being incremented.

minimum0

counting_expression?: string

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

minLength1

mitigation_timeout?: number

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: number

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin?: boolean

Whether counting is only performed when an origin is reached.

score_per_period?: number

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: string

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref?: string

The reference of the rule (the rule’s ID by default).

minLength1

RulesetsSetCacheControlRule { last_updated, version, id, 10 more }

last_updated: string

The timestamp of when the rule was last modified.

formatdate-time

version: string

The version of the rule.

id?: string

The unique ID of the rule.

action?: "set_cache_control"

The action to perform when the rule matches.

action_parameters?: ActionParameters { immutable, max-age, must-revalidate, 10 more }

The parameters configuring the rule’s action.

immutable?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only }

A cache-control directive configuration.

One of the following:

SetDirective { operation, cloudflare_only }

Set the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

RemoveDirective { operation, cloudflare_only }

Remove the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

"max-age"?: SetDirective { operation, value, cloudflare_only } | RemoveDirective { operation, cloudflare_only }

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

SetDirective { operation, value, cloudflare_only }

Set the directive with a duration value in seconds.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: number

The duration value in seconds for the directive.

minimum0

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

RemoveDirective { operation, cloudflare_only }

Remove the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

"must-revalidate"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only }

A cache-control directive configuration.

One of the following:

SetDirective { operation, cloudflare_only }

Set the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

RemoveDirective { operation, cloudflare_only }

Remove the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

"must-understand"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only }

A cache-control directive configuration.

One of the following:

SetDirective { operation, cloudflare_only }

Set the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

RemoveDirective { operation, cloudflare_only }

Remove the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

"no-cache"?: SetDirective { operation, cloudflare_only, qualifiers } | RemoveDirective { operation, cloudflare_only }

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

SetDirective { operation, cloudflare_only, qualifiers }

Set the directive with optional qualifiers.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only?: boolean

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers?: Array<string>

Optional list of header names to qualify the directive (e.g., for “private” or “no-cache” directives).

RemoveDirective { operation, cloudflare_only }

Remove the directive.

operation: "set" | "remove"

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"