Skip to content
Cloudflare API
Start here
API Reference
Firewall
WAF
Overrides

Create a WAF override

Deprecated
firewall.waf.overrides.create(OverrideCreateParams**kwargs) -> Override
POST/zones/{zone_id}/firewall/waf/overrides

Creates a URI-based WAF override for a zone.

Note: Applies only to the previous version of WAF managed rules.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zone Settings Write
ParametersExpand Collapse
zone_id: str

Defines an identifier.

maxLength32
urls: SequenceNotStr[OverrideURL]

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

ReturnsExpand Collapse
class Override:
id: Optional[str]

The unique identifier of the WAF override.

maxLength32
description: Optional[str]

An informative summary of the current URI-based WAF override.

maxLength1024
groups: Optional[Dict[str, object]]

An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually default or disable). When creating a new URI-based WAF override, you must provide a groups object or a rules object.

paused: Optional[bool]

When true, indicates that the rule is currently paused.

priority: Optional[float]

The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides.

maximum1000000000
minimum-1000000000
rewrite_action: Optional[RewriteAction]

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

block: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
challenge: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
default: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
disable: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
simulate: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
rules: Optional[WAFRule]

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
urls: Optional[List[OverrideURL]]

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

Create a WAF override

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
override = client.firewall.waf.overrides.create(
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    urls=["shop.example.com/*"],
)
print(override.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "de677e5818985db1285d0e80225f06e5",
    "description": "Enable Cloudflare Magento ruleset for shop.example.com",
    "groups": {
      "ea8687e59929c1fd05ba97574ad43f77": "bar"
    },
    "paused": true,
    "priority": 1,
    "rewrite_action": {
      "block": "challenge",
      "challenge": "challenge",
      "default": "challenge",
      "disable": "challenge",
      "simulate": "challenge"
    },
    "rules": {
      "100015": "disable"
    },
    "urls": [
      "shop.example.com/*"
    ]
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "de677e5818985db1285d0e80225f06e5",
    "description": "Enable Cloudflare Magento ruleset for shop.example.com",
    "groups": {
      "ea8687e59929c1fd05ba97574ad43f77": "bar"
    },
    "paused": true,
    "priority": 1,
    "rewrite_action": {
      "block": "challenge",
      "challenge": "challenge",
      "default": "challenge",
      "disable": "challenge",
      "simulate": "challenge"
    },
    "rules": {
      "100015": "disable"
    },
    "urls": [
      "shop.example.com/*"
    ]
  },
  "success": true
}