Skip to content
Cloudflare API
Start here
API Reference
Rulesets
Phases

Update an account or zone entry point ruleset

rulesets.phases.update(Phaseruleset_phase, PhaseUpdateParams**kwargs) -> PhaseUpdateResponse
PUT/{accounts_or_zones}/{account_or_zone_id}/rulesets/phases/{ruleset_phase}/entrypoint

Updates an account or zone entry point ruleset, creating a new version.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Mass URL Redirects WriteMagic Firewall WriteL4 DDoS Managed Ruleset WriteTransform Rules WriteSelect Configuration WriteAccount WAF WriteAccount Rulesets WriteLogs Write
ParametersExpand Collapse
ruleset_phase: Phase

The phase of the ruleset.

One of the following:
"ddos_l4"
"ddos_l7"
"http_config_settings"
"http_custom_errors"
"http_log_custom_fields"
"http_ratelimit"
"http_request_cache_settings"
"http_request_dynamic_redirect"
"http_request_firewall_custom"
"http_request_firewall_managed"
"http_request_late_transform"
"http_request_origin"
"http_request_redirect"
"http_request_sanitize"
"http_request_sbfm"
"http_request_transform"
"http_response_cache_settings"
"http_response_compression"
"http_response_firewall_managed"
"http_response_headers_transform"
"magic_transit"
"magic_transit_ids_managed"
"magic_transit_managed"
"magic_transit_ratelimit"
account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

description: Optional[str]

An informative description of the ruleset.

name: Optional[str]

The human-readable name of the ruleset.

minLength1
rules: Optional[Iterable[Rule]]

The list of rules in the ruleset.

One of the following:
class BlockRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1
content_type: str

The type of the content to return.

minLength1
status_code: int

The status code to return.

maximum499
minimum400
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsChallengeRule:
last_updated: Union[str, datetime]

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[SequenceNotStr[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[LoggingParam]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: SequenceNotStr[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class CompressResponseRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

name: Optional[Literal["none", "auto", "default", 3 more]]

Name of the compression algorithm to enable.

One of the following:
"none"
"auto"
"default"
"gzip"
"brotli"
"zstd"
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class DDoSDynamicRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ExecuteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1
overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1
action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ForceConnectionCloseRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsJSChallengeRule:
last_updated: Union[str, datetime]

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["js_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[SequenceNotStr[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsJSChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[LoggingParam]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsJSChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: SequenceNotStr[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class LogRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class LogCustomFieldRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

name: str

The name of the response header.

minLength1
preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

name: str

The name of the header.

minLength1
response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

name: str

The name of the response header.

minLength1
preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

name: str

The name of the header.

minLength1
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ManagedChallengeRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RedirectRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1
name: str

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1
value: Optional[str]

A URL to redirect the request to.

minLength1
preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:
301
302
303
307
308
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RewriteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:
class ActionParametersHeadersAddStaticHeader:

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1
class ActionParametersHeadersAddDynamicHeader:

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1
operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader:

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1
class ActionParametersHeadersSetDynamicHeader:

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1
operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader:

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:
class ActionParametersURIURIPath:

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1
value: Optional[str]

A value to rewrite the URI path to.

minLength1
origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery:

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1
value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RouteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1
origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1
port: Optional[int]

A destination port to route to.

maximum65535
minimum1
sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ScoreRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ServeErrorRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:
class ActionParametersActionParametersContent:
content: str

The response content.

minLength1
content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:
"application/json"
"text/html"
"text/plain"
"text/xml"
status_code: Optional[int]

The status code to use for the error.

maximum999
minimum400
class ActionParametersActionParametersAsset:
asset_name: str

The name of a custom asset to serve as the error response.

minLength1
content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:
"application/json"
"text/html"
"text/plain"
"text/xml"
status_code: Optional[int]

The status code to use for the error.

maximum999
minimum400
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsSetCacheControlRule:
last_updated: Union[str, datetime]

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_control"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheControlRuleActionParameters]

The parameters configuring the rule's action.

immutable: Optional[RuleRulesetsSetCacheControlRuleActionParametersImmutable]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersImmutableSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Optional[RuleRulesetsSetCacheControlRuleActionParametersMaxAge]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustRevalidate]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustUnderstand]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoCache]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective:

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[SequenceNotStr[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_store: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoStore]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoTransform]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Optional[RuleRulesetsSetCacheControlRuleActionParametersPrivate]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersPrivateSetDirective:

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[SequenceNotStr[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

proxy_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidate]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Optional[RuleRulesetsSetCacheControlRuleActionParametersPublic]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersPublicSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Optional[RuleRulesetsSetCacheControlRuleActionParametersSMaxage]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleIfError]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidate]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

categories: Optional[SequenceNotStr[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheControlRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[LoggingParam]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsSetCacheControlRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: SequenceNotStr[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SetCacheSettingsRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:
"respect_origin"
"bypass_by_default"
"override_origin"
"bypass"
default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0
cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

header: Optional[ActionParametersCacheKeyCustomKeyHeader]

Which headers to include in the cache key.

check_presence: Optional[List[str]]

A list of headers to check for the presence of. The presence of these headers is included in the cache key.

contains: Optional[Dict[str, List[str]]]

A mapping of header names to a list of values. If a header is present in the request and contains any of the values provided, its value is included in the cache key.

exclude_origin: Optional[bool]

Whether to exclude the origin header in the cache key.

include: Optional[List[str]]

A list of headers to include in the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

exclude: Optional[ActionParametersCacheKeyCustomKeyQueryStringExclude]

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0
edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:
"respect_origin"
"bypass_by_default"
"override_origin"
default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0
status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value "no-cache". A value of -1 is equivalent to setting the cache control header with the value of "no-store".

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999
minimum100
status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999
minimum100
to: Optional[int]

The upper bound of the range.

maximum999
minimum100
origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.

maximum6000
minimum100
respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024
minLength1
strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsSetCacheTagsRule:
last_updated: Union[str, datetime]

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_tags"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheTagsRuleActionParameters]

The parameters configuring the rule's action.

One of the following:
class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues:

Add cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: SequenceNotStr[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression:

Add cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues:

Remove cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: SequenceNotStr[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression:

Remove cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues:

Set cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: SequenceNotStr[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression:

Set cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
categories: Optional[SequenceNotStr[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheTagsRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[LoggingParam]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsSetCacheTagsRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: SequenceNotStr[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SetConfigRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]
Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

Deprecatedmirage: Optional[bool]
Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:
"off"
"lossless"
"lossy"
"webp"
redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:
"none"
"standard"
"full"
response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:
"none"
"standard"
rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:
"off"
"essentially_off"
"low"
"medium"
"high"
"under_attack"
server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:
"off"
"flexible"
"full"
"strict"
"origin_pull"
sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SkipRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:
"ddos_l4"
"ddos_l7"
"http_config_settings"
"http_custom_errors"
"http_log_custom_fields"
"http_ratelimit"
"http_request_cache_settings"
"http_request_dynamic_redirect"
"http_request_firewall_custom"
"http_request_firewall_managed"
"http_request_late_transform"
"http_request_origin"
"http_request_redirect"
"http_request_sanitize"
"http_request_sbfm"
"http_request_transform"
"http_response_cache_settings"
"http_response_compression"
"http_response_firewall_managed"
"http_response_headers_transform"
"magic_transit"
"magic_transit_ids_managed"
"magic_transit_managed"
"magic_transit_ratelimit"
products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:
"bic"
"hot"
"rateLimit"
"securityLevel"
"uaBlock"
"waf"
"zoneLockdown"
rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
ReturnsExpand Collapse
class PhaseUpdateResponse:

A ruleset object.

id: str

The unique ID of the ruleset.

kind: Kind

The kind of the ruleset.

One of the following:
"managed"
"custom"
"root"
"zone"
last_updated: datetime

The timestamp of when the ruleset was last modified.

formatdate-time
name: str

The human-readable name of the ruleset.

minLength1
phase: Phase

The phase of the ruleset.

One of the following:
"ddos_l4"
"ddos_l7"
"http_config_settings"
"http_custom_errors"
"http_log_custom_fields"
"http_ratelimit"
"http_request_cache_settings"
"http_request_dynamic_redirect"
"http_request_firewall_custom"
"http_request_firewall_managed"
"http_request_late_transform"
"http_request_origin"
"http_request_redirect"
"http_request_sanitize"
"http_request_sbfm"
"http_request_transform"
"http_response_cache_settings"
"http_response_compression"
"http_response_firewall_managed"
"http_response_headers_transform"
"magic_transit"
"magic_transit_ids_managed"
"magic_transit_managed"
"magic_transit_ratelimit"
rules: List[Rule]

The list of rules in the ruleset.

One of the following:
class BlockRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1
content_type: str

The type of the content to return.

minLength1
status_code: int

The status code to return.

maximum499
minimum400
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsChallengeRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class CompressResponseRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

name: Optional[Literal["none", "auto", "default", 3 more]]

Name of the compression algorithm to enable.

One of the following:
"none"
"auto"
"default"
"gzip"
"brotli"
"zstd"
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class DDoSDynamicRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ExecuteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1
overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1
action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:
"default"
"medium"
"low"
"eoff"
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ForceConnectionCloseRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsJSChallengeRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["js_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsJSChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsJSChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class LogRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class LogCustomFieldRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

name: str

The name of the response header.

minLength1
preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

name: str

The name of the header.

minLength1
response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

name: str

The name of the response header.

minLength1
preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

name: str

The name of the header.

minLength1
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ManagedChallengeRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RedirectRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1
name: str

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1
value: Optional[str]

A URL to redirect the request to.

minLength1
preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:
301
302
303
307
308
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RewriteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:
class ActionParametersHeadersAddStaticHeader:

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1
class ActionParametersHeadersAddDynamicHeader:

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1
operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader:

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1
class ActionParametersHeadersSetDynamicHeader:

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1
operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader:

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:
class ActionParametersURIURIPath:

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1
value: Optional[str]

A value to rewrite the URI path to.

minLength1
origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery:

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1
value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RouteRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1
origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1
port: Optional[int]

A destination port to route to.

maximum65535
minimum1
sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ScoreRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class ServeErrorRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:
class ActionParametersActionParametersContent:
content: str

The response content.

minLength1
content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:
"application/json"
"text/html"
"text/plain"
"text/xml"
status_code: Optional[int]

The status code to use for the error.

maximum999
minimum400
class ActionParametersActionParametersAsset:
asset_name: str

The name of a custom asset to serve as the error response.

minLength1
content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:
"application/json"
"text/html"
"text/plain"
"text/xml"
status_code: Optional[int]

The status code to use for the error.

maximum999
minimum400
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsSetCacheControlRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_control"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheControlRuleActionParameters]

The parameters configuring the rule's action.

immutable: Optional[RuleRulesetsSetCacheControlRuleActionParametersImmutable]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersImmutableSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Optional[RuleRulesetsSetCacheControlRuleActionParametersMaxAge]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustRevalidate]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustUnderstand]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoCache]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective:

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_store: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoStore]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoTransform]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Optional[RuleRulesetsSetCacheControlRuleActionParametersPrivate]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersPrivateSetDirective:

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

proxy_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidate]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Optional[RuleRulesetsSetCacheControlRuleActionParametersPublic]

A cache-control directive configuration.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersPublicSetDirective:

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Optional[RuleRulesetsSetCacheControlRuleActionParametersSMaxage]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleIfError]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidate]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:
class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective:

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
value: int

The duration value in seconds for the directive.

minimum0
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective:

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:
"set"
"remove"
cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheControlRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsSetCacheControlRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SetCacheSettingsRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:
"respect_origin"
"bypass_by_default"
"override_origin"
"bypass"
default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0
cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

header: Optional[ActionParametersCacheKeyCustomKeyHeader]

Which headers to include in the cache key.

check_presence: Optional[List[str]]

A list of headers to check for the presence of. The presence of these headers is included in the cache key.

contains: Optional[Dict[str, List[str]]]

A mapping of header names to a list of values. If a header is present in the request and contains any of the values provided, its value is included in the cache key.

exclude_origin: Optional[bool]

Whether to exclude the origin header in the cache key.

include: Optional[List[str]]

A list of headers to include in the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

exclude: Optional[ActionParametersCacheKeyCustomKeyQueryStringExclude]

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0
edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:
"respect_origin"
"bypass_by_default"
"override_origin"
default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0
status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value "no-cache". A value of -1 is equivalent to setting the cache control header with the value of "no-store".

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999
minimum100
status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999
minimum100
to: Optional[int]

The upper bound of the range.

maximum999
minimum100
origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.

maximum6000
minimum100
respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024
minLength1
strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class RuleRulesetsSetCacheTagsRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_tags"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheTagsRuleActionParameters]

The parameters configuring the rule's action.

One of the following:
class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues:

Add cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression:

Add cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues:

Remove cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression:

Remove cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues:

Set cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression:

Set cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1
operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:
"add"
"remove"
"set"
categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheTagsRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[RuleRulesetsSetCacheTagsRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SetConfigRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]
Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

Deprecatedmirage: Optional[bool]
Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:
"off"
"lossless"
"lossy"
"webp"
redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:
"none"
"standard"
"full"
response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:
"none"
"standard"
rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:
"off"
"essentially_off"
"low"
"medium"
"high"
"under_attack"
server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:
"off"
"flexible"
"full"
"strict"
"origin_pull"
sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
class SkipRule:
last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time
version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:
"ddos_l4"
"ddos_l7"
"http_config_settings"
"http_custom_errors"
"http_log_custom_fields"
"http_ratelimit"
"http_request_cache_settings"
"http_request_dynamic_redirect"
"http_request_firewall_custom"
"http_request_firewall_managed"
"http_request_late_transform"
"http_request_origin"
"http_request_redirect"
"http_request_sanitize"
"http_request_sbfm"
"http_request_transform"
"http_response_cache_settings"
"http_response_compression"
"http_response_firewall_managed"
"http_response_headers_transform"
"magic_transit"
"magic_transit_ids_managed"
"magic_transit_managed"
"magic_transit_ratelimit"
products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:
"bic"
"hot"
"rateLimit"
"securityLevel"
"uaBlock"
"waf"
"zoneLockdown"
rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1
username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1
expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1
logging: Optional[Logging]

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0
counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1
mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1
requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1
ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1
version: str

The version of the ruleset.

description: Optional[str]

An informative description of the ruleset.

Update an account or zone entry point ruleset

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
phase = client.rulesets.phases.update(
    ruleset_phase="http_request_firewall_custom",
    account_id="account_id",
)
print(phase.id)
{
  "errors": [
    {
      "message": "something bad happened",
      "code": 10000,
      "source": {
        "pointer": "/rules/0/action"
      }
    }
  ],
  "messages": [
    {
      "message": "something bad happened",
      "code": 10000,
      "source": {
        "pointer": "/rules/0/action"
      }
    }
  ],
  "result": {
    "id": "2f2feab2026849078ba485f918791bdc",
    "kind": "root",
    "last_updated": "2000-01-01T00:00:00.000000Z",
    "name": "My ruleset",
    "phase": "http_request_firewall_custom",
    "rules": [
      {
        "last_updated": "2000-01-01T00:00:00.000000Z",
        "version": "1",
        "id": "3a03d665bac047339bb530ecb439a90d",
        "action": "block",
        "action_parameters": {
          "response": {
            "content": "{\n  \"success\": false,\n  \"error\": \"you have been blocked\"\n}",
            "content_type": "application/json",
            "status_code": 400
          }
        },
        "categories": [
          "directory-traversal"
        ],
        "description": "Block the request.",
        "enabled": true,
        "exposed_credential_check": {
          "password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
          "username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
        },
        "expression": "ip.src eq 1.1.1.1",
        "logging": {
          "enabled": true
        },
        "ratelimit": {
          "characteristics": [
            "cf.colo.id"
          ],
          "period": 60,
          "counting_expression": "http.request.body.raw eq \"abcd\"",
          "mitigation_timeout": 600,
          "requests_per_period": 1000,
          "requests_to_origin": true,
          "score_per_period": 400,
          "score_response_header_name": "my-score"
        },
        "ref": "my_ref"
      }
    ],
    "version": "1",
    "description": "A description for my ruleset."
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "message": "something bad happened",
      "code": 10000,
      "source": {
        "pointer": "/rules/0/action"
      }
    }
  ],
  "messages": [
    {
      "message": "something bad happened",
      "code": 10000,
      "source": {
        "pointer": "/rules/0/action"
      }
    }
  ],
  "result": {
    "id": "2f2feab2026849078ba485f918791bdc",
    "kind": "root",
    "last_updated": "2000-01-01T00:00:00.000000Z",
    "name": "My ruleset",
    "phase": "http_request_firewall_custom",
    "rules": [
      {
        "last_updated": "2000-01-01T00:00:00.000000Z",
        "version": "1",
        "id": "3a03d665bac047339bb530ecb439a90d",
        "action": "block",
        "action_parameters": {
          "response": {
            "content": "{\n  \"success\": false,\n  \"error\": \"you have been blocked\"\n}",
            "content_type": "application/json",
            "status_code": 400
          }
        },
        "categories": [
          "directory-traversal"
        ],
        "description": "Block the request.",
        "enabled": true,
        "exposed_credential_check": {
          "password_expression": "url_decode(http.request.body.form[\\\"password\\\"][0])",
          "username_expression": "url_decode(http.request.body.form[\\\"username\\\"][0])"
        },
        "expression": "ip.src eq 1.1.1.1",
        "logging": {
          "enabled": true
        },
        "ratelimit": {
          "characteristics": [
            "cf.colo.id"
          ],
          "period": 60,
          "counting_expression": "http.request.body.raw eq \"abcd\"",
          "mitigation_timeout": 600,
          "requests_per_period": 1000,
          "requests_to_origin": true,
          "score_per_period": 400,
          "score_response_header_name": "my-score"
        },
        "ref": "my_ref"
      }
    ],
    "version": "1",
    "description": "A description for my ruleset."
  },
  "success": true
}