Manage sequence rules
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > API Shield > API Rules.
- Select Create sequence rule.
- Name your rule.
- Select a starting endpoint. This is the endpoint that you expect users to hit first in their request flow when using your API.
- Choose a hostname to display the list of endpoints for that hostname.
- Choose an endpoint.
- Select Set as starting endpoint.
- Select a final endpoint. This is the endpoint you are targeting for protection.
- Choose a hostname to display the list of endpoints for that hostname.
- Choose an endpoint.
- Select Set as ending endpoint.
- Choose an action that corresponds to the security model type:
-
Allow: This will create a positive security model by defining approved sequences on your API.
-
Log / Block: This will test or enforce a negative security model defining known bad sequences on your API.
-
- Select Create rule.
You also have the option to edit an existing rule by selecting it on the rule list. You can rename your rule, adjust the starting and ending endpoint order, modify the endpoint, and change the action of the rule.
You can change the priority order of your rules by selecting and dragging the rules on the list.
You can also explicitly set a priority order by selecting the three dots on your rule and choosing Move to… where you can set the new priority in the resulting modal window.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
