Skip to content

Deploy a custom ruleset

Before you begin:

  1. Obtain the name of the phase where you want to deploy the custom ruleset.
  2. Create a custom ruleset and keep the ID of the new custom ruleset.
  3. Fetch the rules already present in the phase entry point ruleset. You must include in the PUT request all existing rules you want to keep.

To deploy a custom ruleset, add a rule that executes the custom ruleset. Define the rule scope in the rule expression.

Example

The following PUT request adds a rule that executes a custom ruleset when the zone name matches example.com.

Request
curl --request PUT \
https://api.cloudflare.com/client/v4/accounts/{account_id}/rulesets/phases/http_request_firewall_custom/entrypoint \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"rules": [
{
"action": "execute",
"description": "Execute custom ruleset",
"expression": "(cf.zone.name == \"example.com\") and cf.zone.plan eq \"ENT\"",
"action_parameters": {
"id": "<CUSTOM_RULESET_ID>"
}
},
{
"id": "<EXISTING_PHASE_RULE_ID_1>"
},
{
"id": "<EXISTING_PHASE_RULE_ID_2>"
}
]
}'

The response displays the rules in your phase.

Response
{
"result": {
"id": "<ACCOUNT_PHASE_RULESET_ID>",
"name": "http_request_firewall_custom phase entry point ruleset for my account",
"description": "Execute several rulesets",
"kind": "root",
"version": "3",
"rules": [
{
"id": "<PHASE_RULE_ID>",
"version": "1",
"action": "execute",
"description":"Execute custom ruleset",
"action_parameters": {
"id": "<CUSTOM_RULESET_ID>",
"version": "latest"
},
"expression": "(cf.zone.name == \"example.com\") and cf.zone.plan eq \"ENT\"",
"last_updated": "2021-03-18T18:35:14.135697Z",
"ref": "<PHASE_RULE_REF>",
"enabled": true
},
{
"id": "<EXISTING_PHASE_RULE_ID_1>",
"version": "1",
"action": "execute",
"action_parameters": {
"id": "<EXECUTED_RULESET_ID_1>",
"version": "latest"
},
"expression": "(cf.zone.name eq \"example.com\") and cf.zone.plan eq \"ENT\"",
"last_updated": "2021-03-16T15:51:49.180378Z",
"ref": "<EXISTING_PHASE_RULE_REF_1>",
"enabled": true
},
{
"id": "<EXISTING_PHASE_RULE_ID_2>",
"version": "1",
"action": "execute",
"action_parameters": {
"id": "<EXECUTED_RULESET_ID_2>",
"version": "latest"
},
"expression": "(cf.zone.name eq \"example.com\") and cf.zone.plan eq \"ENT\"",
"last_updated": "2021-03-16T15:50:29.861157Z",
"ref": "<EXISTING_PHASE_RULE_REF_2>",
"enabled": true
}
],
"last_updated": "2021-03-18T18:35:14.135697Z",
"phase": "http_request_firewall_custom"
},
"success": true,
"errors": [],
"messages": []
}