Get an account or zone ruleset version
Fetches a specific version of an account or zone ruleset.
Security
API Token
The preferred authorization scheme for interacting with the Cloudflare API. Create a token.
Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYYAPI Email + API Key
The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.
X-Auth-Email: user@example.comThe previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.
X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194Accepted Permissions (at least one required)
Mass URL Redirects WriteMass URL Redirects ReadMagic Firewall WriteMagic Firewall ReadL4 DDoS Managed Ruleset WriteL4 DDoS Managed Ruleset ReadTransform Rules WriteTransform Rules ReadSelect Configuration WriteSelect Configuration ReadAccount WAF WriteAccount WAF ReadAccount Rulesets ReadAccount Rulesets WriteLogs WriteLogs ReadParametersExpand Collapse
ReturnsExpand Collapse
VersionGetResponse { id, kind, last_updated, 5 more } A ruleset object.
A ruleset object.
rules: Array<BlockRule { last_updated, version, id, 10 more } | RulesetsChallengeRule { last_updated, version, id, 10 more } | CompressResponseRule { last_updated, version, id, 10 more } | 17 more>The list of rules in the ruleset.
The list of rules in the ruleset.
BlockRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RulesetsChallengeRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
CompressResponseRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
DDoSDynamicRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ExecuteRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { id, matched_data, overrides } The parameters configuring the rule's action.
The parameters configuring the rule's action.
overrides?: Overrides { action, categories, enabled, 2 more } A set of overrides to apply to the target ruleset.
A set of overrides to apply to the target ruleset.
An action to override all rules with. This option has lower precedence than rule and category overrides.
categories?: Array<Category>A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.
A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.
Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ForceConnectionCloseRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RulesetsJSChallengeRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
LogRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
LogCustomFieldRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { cookie_fields, raw_response_fields, request_fields, 2 more } The parameters configuring the rule's action.
The parameters configuring the rule's action.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ManagedChallengeRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RedirectRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { from_list, from_value } The parameters configuring the rule's action.
The parameters configuring the rule's action.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RewriteRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { headers, uri } The parameters configuring the rule's action.
The parameters configuring the rule's action.
headers?: Record<string, AddStaticHeader { operation, value } | AddDynamicHeader { expression, operation } | SetStaticHeader { operation, value } | 2 more>A map of headers to rewrite.
A map of headers to rewrite.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RouteRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { host_header, origin, sni } The parameters configuring the rule's action.
The parameters configuring the rule's action.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ScoreRule { last_updated, version, id, 10 more }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
ServeErrorRule { last_updated, version, id, 10 more }
action_parameters?: ActionParametersContent { content, content_type, status_code } | ActionParametersAsset { asset_name, content_type, status_code } The parameters configuring the rule's action.
The parameters configuring the rule's action.
ActionParametersContent { content, content_type, status_code }
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RulesetsSetCacheControlRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { immutable, max-age, must-revalidate, 10 more } The parameters configuring the rule's action.
The parameters configuring the rule's action.
immutable?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
"max-age"?: SetDirective { operation, value, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
"must-revalidate"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
"must-understand"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
"no-cache"?: SetDirective { operation, cloudflare_only, qualifiers } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts optional qualifiers (header names).
A cache-control directive configuration that accepts optional qualifiers (header names).
"no-store"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
"no-transform"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
private?: SetDirective { operation, cloudflare_only, qualifiers } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts optional qualifiers (header names).
A cache-control directive configuration that accepts optional qualifiers (header names).
"proxy-revalidate"?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
public?: SetDirective { operation, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration.
A cache-control directive configuration.
"s-maxage"?: SetDirective { operation, value, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
"stale-if-error"?: SetDirective { operation, value, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
"stale-while-revalidate"?: SetDirective { operation, value, cloudflare_only } | RemoveDirective { operation, cloudflare_only } A cache-control directive configuration that accepts a duration value in seconds.
A cache-control directive configuration that accepts a duration value in seconds.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
SetCacheSettingsRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { additional_cacheable_ports, browser_ttl, cache, 12 more } The parameters configuring the rule's action.
The parameters configuring the rule's action.
A list of additional ports that caching should be enabled on.
browser_ttl?: BrowserTTL { mode, default } How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.
cache_key?: CacheKey { cache_by_device_type, cache_deception_armor, custom_key, ignore_query_strings_order } Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.
Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.
Whether to separate cached content based on the visitor's device type.
Whether to protect from web cache deception attacks, while allowing static assets to be cached.
custom_key?: CustomKey { cookie, header, host, 2 more } Which components of the request are included or excluded from the cache key.
Which components of the request are included or excluded from the cache key.
header?: Header { check_presence, contains, exclude_origin, include } Which headers to include in the cache key.
Which headers to include in the cache key.
A list of headers to check for the presence of. The presence of these headers is included in the cache key.
query_string?: QueryString { exclude, include } Which query string parameters to include in or exclude from the cache key.
Which query string parameters to include in or exclude from the cache key.
cache_reserve?: CacheReserve { eligible, minimum_file_size } Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
edge_ttl?: EdgeTTL { mode, default, status_code_ttl } How long the Cloudflare edge network should cache the response.
How long the Cloudflare edge network should cache the response.
status_code_ttl?: Array<StatusCodeTTL>A list of TTLs to apply to specific status codes or status code ranges.
A list of TTLs to apply to specific status codes or status code ranges.
Whether to generate Cloudflare error pages for issues from the origin server.
A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.
Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.
shared_dictionary?: SharedDictionary { match_pattern } Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.
Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
RulesetsSetCacheTagsRule { last_updated, version, id, 10 more }
action_parameters?: AddCacheTagsValues { operation, values } | AddCacheTagsExpression { expression, operation } | RemoveCacheTagsValues { operation, values } | 3 moreThe parameters configuring the rule's action.
The parameters configuring the rule's action.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
SetConfigRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { automatic_https_rewrites, autominify, bic, 19 more } The parameters configuring the rule's action.
The parameters configuring the rule's action.
Whether to enable Mirage.
Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
SkipRule { last_updated, version, id, 10 more }
action_parameters?: ActionParameters { phase, phases, products, 3 more } The parameters configuring the rule's action.
The parameters configuring the rule's action.
A phase to skip the execution of. This option is only compatible with the products option.
A list of phases to skip the execution of. This option is incompatible with the rulesets option.
A list of phases to skip the execution of. This option is incompatible with the rulesets option.
products?: Array<"bic" | "hot" | "rateLimit" | 4 more>A list of legacy security products to skip the execution of.
A list of legacy security products to skip the execution of.
A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.
exposed_credential_check?: ExposedCredentialCheck { password_expression, username_expression } Configuration for exposed credential checking.
Configuration for exposed credential checking.
ratelimit?: Ratelimit { characteristics, period, counting_expression, 5 more } An object configuring the rule's rate limit behavior.
An object configuring the rule's rate limit behavior.
Characteristics of the request on which the rate limit counter will be incremented.
An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
Period of time in seconds after which the action will be disabled following its first execution.
The threshold of requests per period after which the action will be executed for the first time.
Get an account or zone ruleset version
import Cloudflare from 'cloudflare';
const client = new Cloudflare({
apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});
const version = await client.rulesets.versions.get('2f2feab2026849078ba485f918791bdc', '1', {
account_id: 'account_id',
});
console.log(version.id);{
"errors": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"messages": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"result": {
"id": "2f2feab2026849078ba485f918791bdc",
"kind": "root",
"last_updated": "2000-01-01T00:00:00.000000Z",
"name": "My ruleset",
"phase": "http_request_firewall_custom",
"rules": [
{
"last_updated": "2000-01-01T00:00:00.000000Z",
"version": "1",
"id": "3a03d665bac047339bb530ecb439a90d",
"action": "block",
"action_parameters": {
"response": {
"content": "{\n \"success\": false,\n \"error\": \"you have been blocked\"\n}",
"content_type": "application/json",
"status_code": 400
}
},
"categories": [
"directory-traversal"
],
"description": "Block the request.",
"enabled": true,
"exposed_credential_check": {
"password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
"username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
},
"expression": "ip.src eq 1.1.1.1",
"logging": {
"enabled": true
},
"ratelimit": {
"characteristics": [
"cf.colo.id"
],
"period": 60,
"counting_expression": "http.request.body.raw eq \"abcd\"",
"mitigation_timeout": 600,
"requests_per_period": 1000,
"requests_to_origin": true,
"score_per_period": 400,
"score_response_header_name": "my-score"
},
"ref": "my_ref"
}
],
"version": "1",
"description": "A description for my ruleset."
},
"success": true
}Returns Examples
{
"errors": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"messages": [
{
"message": "something bad happened",
"code": 10000,
"source": {
"pointer": "/rules/0/action"
}
}
],
"result": {
"id": "2f2feab2026849078ba485f918791bdc",
"kind": "root",
"last_updated": "2000-01-01T00:00:00.000000Z",
"name": "My ruleset",
"phase": "http_request_firewall_custom",
"rules": [
{
"last_updated": "2000-01-01T00:00:00.000000Z",
"version": "1",
"id": "3a03d665bac047339bb530ecb439a90d",
"action": "block",
"action_parameters": {
"response": {
"content": "{\n \"success\": false,\n \"error\": \"you have been blocked\"\n}",
"content_type": "application/json",
"status_code": 400
}
},
"categories": [
"directory-traversal"
],
"description": "Block the request.",
"enabled": true,
"exposed_credential_check": {
"password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
"username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
},
"expression": "ip.src eq 1.1.1.1",
"logging": {
"enabled": true
},
"ratelimit": {
"characteristics": [
"cf.colo.id"
],
"period": 60,
"counting_expression": "http.request.body.raw eq \"abcd\"",
"mitigation_timeout": 600,
"requests_per_period": 1000,
"requests_to_origin": true,
"score_per_period": 400,
"score_response_header_name": "my-score"
},
"ref": "my_ref"
}
],
"version": "1",
"description": "A description for my ruleset."
},
"success": true
}