Create an account or zone ruleset rule
Adds a new rule to an account or zone ruleset. The rule will be added to the end of the existing list of rules in the ruleset by default.
Security
API Token
The preferred authorization scheme for interacting with the Cloudflare API. Create a token.
Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYYAPI Email + API Key
The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.
X-Auth-Email: user@example.comThe previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.
X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194Accepted Permissions (at least one required)
Mass URL Redirects WriteMagic Firewall WriteL4 DDoS Managed Ruleset WriteTransform Rules WriteSelect Configuration WriteAccount WAF WriteAccount Rulesets WriteLogs WriteParametersExpand Collapse
params RuleNewParams
Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
Body param: The expression defining which traffic will match the rule.
Body param: An object configuring where the rule will be placed.
Body param: An object configuring where the rule will be placed.
Body param: An object configuring the rule's rate limit behavior.
Body param: An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ReturnsExpand Collapse
type RuleNewResponse struct{…}A ruleset object.
A ruleset object.
Kind KindThe kind of the ruleset.
The kind of the ruleset.
Phase PhaseThe phase of the ruleset.
The phase of the ruleset.
Rules []RuleNewResponseRuleThe list of rules in the ruleset.
The list of rules in the ruleset.
type BlockRule struct{…}
ExposedCredentialCheck BlockRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit BlockRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RuleNewResponseRulesRulesetsChallengeRule struct{…}
The action to perform when the rule matches.
ExposedCredentialCheck RuleNewResponseRulesRulesetsChallengeRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RuleNewResponseRulesRulesetsChallengeRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type CompressResponseRule struct{…}
ActionParameters CompressResponseRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
Algorithms []CompressResponseRuleActionParametersAlgorithmCustom order for compression algorithms.
Custom order for compression algorithms.
Name CompressResponseRuleActionParametersAlgorithmsNameoptionalName of the compression algorithm to enable.
Name of the compression algorithm to enable.
ExposedCredentialCheck CompressResponseRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit CompressResponseRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type DDoSDynamicRule struct{…}
ExposedCredentialCheck DDoSDynamicRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit DDoSDynamicRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type ExecuteRule struct{…}
ActionParameters ExecuteRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
MatchedData ExecuteRuleActionParametersMatchedDataoptionalThe configuration to use for matched data logging.
The configuration to use for matched data logging.
Overrides ExecuteRuleActionParametersOverridesoptionalA set of overrides to apply to the target ruleset.
A set of overrides to apply to the target ruleset.
An action to override all rules with. This option has lower precedence than rule and category overrides.
Categories []ExecuteRuleActionParametersOverridesCategoryoptionalA list of category-level overrides. This option has the second-highest precedence after rule-level overrides.
A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.
SensitivityLevel ExecuteRuleActionParametersOverridesCategoriesSensitivityLeveloptionalThe sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.
The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.
Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.
Rules []ExecuteRuleActionParametersOverridesRuleoptionalA list of rule-level overrides. This option has the highest precedence.
A list of rule-level overrides. This option has the highest precedence.
SensitivityLevel ExecuteRuleActionParametersOverridesRulesSensitivityLeveloptionalThe sensitivity level to use for the rule. This option is only applicable for DDoS phases.
The sensitivity level to use for the rule. This option is only applicable for DDoS phases.
SensitivityLevel ExecuteRuleActionParametersOverridesSensitivityLeveloptionalA sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.
A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.
ExposedCredentialCheck ExecuteRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit ExecuteRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type ForceConnectionCloseRule struct{…}
ExposedCredentialCheck ForceConnectionCloseRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit ForceConnectionCloseRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RuleNewResponseRulesRulesetsJSChallengeRule struct{…}
The action to perform when the rule matches.
ExposedCredentialCheck RuleNewResponseRulesRulesetsJSChallengeRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RuleNewResponseRulesRulesetsJSChallengeRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type LogRule struct{…}
ExposedCredentialCheck LogRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit LogRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type LogCustomFieldRule struct{…}
ActionParameters LogCustomFieldRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
RawResponseFields []LogCustomFieldRuleActionParametersRawResponseFieldoptionalThe raw response fields to log.
The raw response fields to log.
RequestFields []LogCustomFieldRuleActionParametersRequestFieldoptionalThe raw request fields to log.
The raw request fields to log.
ExposedCredentialCheck LogCustomFieldRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit LogCustomFieldRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type ManagedChallengeRule struct{…}
ExposedCredentialCheck ManagedChallengeRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit ManagedChallengeRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RedirectRule struct{…}
ActionParameters RedirectRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
FromValue RedirectRuleActionParametersFromValueoptionalA redirect based on the request properties.
A redirect based on the request properties.
StatusCode RedirectRuleActionParametersFromValueStatusCodeoptionalThe status code to use for the redirect.
The status code to use for the redirect.
ExposedCredentialCheck RedirectRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RedirectRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RewriteRule struct{…}
ActionParameters RewriteRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
Headers map[string, RewriteRuleActionParametersHeader]optionalA map of headers to rewrite.
A map of headers to rewrite.
type RewriteRuleActionParametersHeadersAddStaticHeader struct{…}A header with a static value to add.
A header with a static value to add.
type RewriteRuleActionParametersHeadersAddDynamicHeader struct{…}A header with a dynamic value to add.
A header with a dynamic value to add.
type RewriteRuleActionParametersHeadersSetStaticHeader struct{…}A header with a static value to set.
A header with a static value to set.
ExposedCredentialCheck RewriteRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RewriteRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RouteRule struct{…}
ActionParameters RouteRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
ExposedCredentialCheck RouteRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RouteRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type ScoreRule struct{…}
ExposedCredentialCheck ScoreRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit ScoreRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type ServeErrorRule struct{…}
ActionParameters ServeErrorRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
type ServeErrorRuleActionParametersActionParametersContent struct{…}
ContentType ServeErrorRuleActionParametersActionParametersContentContentTypeoptionalThe content type header to set with the error response.
The content type header to set with the error response.
type ServeErrorRuleActionParametersActionParametersAsset struct{…}
ContentType ServeErrorRuleActionParametersActionParametersAssetContentTypeoptionalThe content type header to set with the error response.
The content type header to set with the error response.
ExposedCredentialCheck ServeErrorRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit ServeErrorRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RuleNewResponseRulesRulesetsSetCacheControlRule struct{…}
The action to perform when the rule matches.
ActionParameters RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
Immutable RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersImmutableoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersImmutableSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersImmutableSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
MaxAge RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMaxAgeoptionalA cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective struct{…}Set the directive with a duration value in seconds.
Set the directive with a duration value in seconds.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
MustRevalidate RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustRevalidateoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
MustUnderstand RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustUnderstandoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
NoCache RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoCacheoptionalA cache-control directive configuration that accepts optional qualifiers (header names).
A cache-control directive configuration that accepts optional qualifiers (header names).
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective struct{…}Set the directive with optional qualifiers.
Set the directive with optional qualifiers.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoCacheSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
NoStore RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoStoreoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoStoreSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
NoTransform RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoTransformoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoTransformSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
Private RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPrivateoptionalA cache-control directive configuration that accepts optional qualifiers (header names).
A cache-control directive configuration that accepts optional qualifiers (header names).
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPrivateSetDirective struct{…}Set the directive with optional qualifiers.
Set the directive with optional qualifiers.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPrivateSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
ProxyRevalidate RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersProxyRevalidateoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
Public RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPublicoptionalA cache-control directive configuration.
A cache-control directive configuration.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPublicSetDirective struct{…}Set the directive.
Set the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPublicSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersPublicRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
SMaxage RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersSMaxageoptionalA cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective struct{…}Set the directive with a duration value in seconds.
Set the directive with a duration value in seconds.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersSMaxageSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
StaleIfError RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleIfErroroptionalA cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective struct{…}Set the directive with a duration value in seconds.
Set the directive with a duration value in seconds.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
StaleWhileRevalidate RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateoptionalA cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective struct{…}Set the directive with a duration value in seconds.
Set the directive with a duration value in seconds.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
type RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective struct{…}Remove the directive.
Remove the directive.
Operation RuleNewResponseRulesRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirectiveOperationThe operation to perform on the cache-control directive.
The operation to perform on the cache-control directive.
ExposedCredentialCheck RuleNewResponseRulesRulesetsSetCacheControlRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RuleNewResponseRulesRulesetsSetCacheControlRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type SetCacheSettingsRule struct{…}
ActionParameters SetCacheSettingsRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
A list of additional ports that caching should be enabled on.
BrowserTTL SetCacheSettingsRuleActionParametersBrowserTTLoptionalHow long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
Mode SetCacheSettingsRuleActionParametersBrowserTTLModeThe browser TTL mode.
The browser TTL mode.
Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.
CacheKey SetCacheSettingsRuleActionParametersCacheKeyoptionalWhich components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.
Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.
Whether to separate cached content based on the visitor's device type.
Whether to protect from web cache deception attacks, while allowing static assets to be cached.
CustomKey SetCacheSettingsRuleActionParametersCacheKeyCustomKeyoptionalWhich components of the request are included or excluded from the cache key.
Which components of the request are included or excluded from the cache key.
Cookie SetCacheSettingsRuleActionParametersCacheKeyCustomKeyCookieoptionalWhich cookies to include in the cache key.
Which cookies to include in the cache key.
Header SetCacheSettingsRuleActionParametersCacheKeyCustomKeyHeaderoptionalWhich headers to include in the cache key.
Which headers to include in the cache key.
A list of headers to check for the presence of. The presence of these headers is included in the cache key.
Host SetCacheSettingsRuleActionParametersCacheKeyCustomKeyHostoptionalHow to use the host in the cache key.
How to use the host in the cache key.
QueryString SetCacheSettingsRuleActionParametersCacheKeyCustomKeyQueryStringoptionalWhich query string parameters to include in or exclude from the cache key.
Which query string parameters to include in or exclude from the cache key.
CacheReserve SetCacheSettingsRuleActionParametersCacheReserveoptionalSettings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
EdgeTTL SetCacheSettingsRuleActionParametersEdgeTTLoptionalHow long the Cloudflare edge network should cache the response.
How long the Cloudflare edge network should cache the response.
Mode SetCacheSettingsRuleActionParametersEdgeTTLModeThe edge TTL mode.
The edge TTL mode.
StatusCodeTTL []SetCacheSettingsRuleActionParametersEdgeTTLStatusCodeTTLoptionalA list of TTLs to apply to specific status codes or status code ranges.
A list of TTLs to apply to specific status codes or status code ranges.
Whether to generate Cloudflare error pages for issues from the origin server.
A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.
Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.
ServeStale SetCacheSettingsRuleActionParametersServeStaleoptionalWhen to serve stale content from cache.
When to serve stale content from cache.
SharedDictionary SetCacheSettingsRuleActionParametersSharedDictionaryoptionalConfiguration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.
Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.
ExposedCredentialCheck SetCacheSettingsRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit SetCacheSettingsRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type RuleNewResponseRulesRulesetsSetCacheTagsRule struct{…}
The action to perform when the rule matches.
ActionParameters RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues struct{…}Add cache tags using a list of values.
Add cache tags using a list of values.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValuesOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression struct{…}Add cache tags using an expression.
Add cache tags using an expression.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpressionOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues struct{…}Remove cache tags using a list of values.
Remove cache tags using a list of values.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValuesOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression struct{…}Remove cache tags using an expression.
Remove cache tags using an expression.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpressionOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues struct{…}Set cache tags using a list of values.
Set cache tags using a list of values.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValuesOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
type RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression struct{…}Set cache tags using an expression.
Set cache tags using an expression.
Operation RuleNewResponseRulesRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpressionOperationThe operation to perform on the cache tags.
The operation to perform on the cache tags.
ExposedCredentialCheck RuleNewResponseRulesRulesetsSetCacheTagsRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit RuleNewResponseRulesRulesetsSetCacheTagsRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type SetConfigRule struct{…}
ActionParameters SetConfigRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
Autominify SetConfigRuleActionParametersAutominifyoptionalWhich file extensions to minify automatically.
Which file extensions to minify automatically.
Whether to disable Cloudflare Apps.
Whether to disable Pay Per Crawl.
Whether to disable Real User Monitoring (RUM).
Whether to enable Mirage.
Polish SetConfigRuleActionParametersPolishoptionalThe Polish level to configure.
The Polish level to configure.
Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.
RequestBodyBuffering SetConfigRuleActionParametersRequestBodyBufferingoptionalThe request body buffering mode.
The request body buffering mode.
ResponseBodyBuffering SetConfigRuleActionParametersResponseBodyBufferingoptionalThe response body buffering mode.
The response body buffering mode.
SecurityLevel SetConfigRuleActionParametersSecurityLeveloptionalThe Security Level to configure.
The Security Level to configure.
ExposedCredentialCheck SetConfigRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit SetConfigRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
type SkipRule struct{…}
ActionParameters SkipRuleActionParametersoptionalThe parameters configuring the rule's action.
The parameters configuring the rule's action.
A phase to skip the execution of. This option is only compatible with the products option.
A list of phases to skip the execution of. This option is incompatible with the rulesets option.
A list of phases to skip the execution of. This option is incompatible with the rulesets option.
Products []SkipRuleActionParametersProductoptionalA list of legacy security products to skip the execution of.
A list of legacy security products to skip the execution of.
A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.
ExposedCredentialCheck SkipRuleExposedCredentialCheckoptionalConfiguration for exposed credential checking.
Configuration for exposed credential checking.
Ratelimit SkipRuleRatelimitoptionalAn object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
Create an account or zone ruleset rule
package main
import (
"context"
"fmt"
"github.com/cloudflare/cloudflare-go"
"github.com/cloudflare/cloudflare-go/option"
"github.com/cloudflare/cloudflare-go/rulesets"
)
func main() {
client := cloudflare.NewClient(
option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
)
rule, err := client.Rulesets.Rules.New(
context.TODO(),
"2f2feab2026849078ba485f918791bdc",
rulesets.RuleNewParams{
Body: rulesets.RuleNewParamsBodyBlockRule(rulesets.RuleNewParamsBodyBlockRule{
BlockRuleParam: rulesets.BlockRuleParam{
},
}),
},
)
if err != nil {
panic(err.Error())
}
fmt.Printf("%+v\n", rule.ID)
}
{
"errors": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"messages": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"result": {
"id": "2f2feab2026849078ba485f918791bdc",
"kind": "root",
"last_updated": "2000-01-01T00:00:00.000000Z",
"name": "My ruleset",
"phase": "http_request_firewall_custom",
"rules": [
{
"last_updated": "2000-01-01T00:00:00.000000Z",
"version": "1",
"id": "3a03d665bac047339bb530ecb439a90d",
"action": "block",
"action_parameters": {
"response": {
"content": "{\n \"success\": false,\n \"error\": \"you have been blocked\"\n}",
"content_type": "application/json",
"status_code": 400
}
},
"categories": [
"directory-traversal"
],
"description": "Block the request.",
"enabled": true,
"exposed_credential_check": {
"password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
"username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
},
"expression": "ip.src eq 1.1.1.1",
"logging": {
"enabled": true
},
"ratelimit": {
"characteristics": [
"cf.colo.id"
],
"period": 60,
"counting_expression": "http.request.body.raw eq \"abcd\"",
"mitigation_timeout": 600,
"requests_per_period": 1000,
"requests_to_origin": true,
"score_per_period": 400,
"score_response_header_name": "my-score"
},
"ref": "my_ref"
}
],
"version": "1",
"description": "A description for my ruleset."
},
"success": true
}Returns Examples
{
"errors": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"messages": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"result": {
"id": "2f2feab2026849078ba485f918791bdc",
"kind": "root",
"last_updated": "2000-01-01T00:00:00.000000Z",
"name": "My ruleset",
"phase": "http_request_firewall_custom",
"rules": [
{
"last_updated": "2000-01-01T00:00:00.000000Z",
"version": "1",
"id": "3a03d665bac047339bb530ecb439a90d",
"action": "block",
"action_parameters": {
"response": {
"content": "{\n \"success\": false,\n \"error\": \"you have been blocked\"\n}",
"content_type": "application/json",
"status_code": 400
}
},
"categories": [
"directory-traversal"
],
"description": "Block the request.",
"enabled": true,
"exposed_credential_check": {
"password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
"username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
},
"expression": "ip.src eq 1.1.1.1",
"logging": {
"enabled": true
},
"ratelimit": {
"characteristics": [
"cf.colo.id"
],
"period": 60,
"counting_expression": "http.request.body.raw eq \"abcd\"",
"mitigation_timeout": 600,
"requests_per_period": 1000,
"requests_to_origin": true,
"score_per_period": 400,
"score_response_header_name": "my-score"
},
"ref": "my_ref"
}
],
"version": "1",
"description": "A description for my ruleset."
},
"success": true
}