Rules

Create an account or zone ruleset rule

rulesets.rules.create(, ) -> RuleCreateResponse

POST/{accounts_or_zones}/{account_or_zone_id}/rulesets/{ruleset_id}/rules

Update an account or zone ruleset rule

rulesets.rules.edit(, ) -> RuleEditResponse

PATCH/{accounts_or_zones}/{account_or_zone_id}/rulesets/{ruleset_id}/rules/{rule_id}

Delete an account or zone ruleset rule

rulesets.rules.delete(, ) -> RuleDeleteResponse

DELETE/{accounts_or_zones}/{account_or_zone_id}/rulesets/{ruleset_id}/rules/{rule_id}

ModelsExpand Collapse

class BlockRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1

content_type: str

The type of the content to return.

minLength1

status_code: int

The status code to return.

maximum499

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class CompressResponseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

Name of the compression algorithm to enable.

One of the following:

"none"

"auto"

"default"

"gzip"

"brotli"

"zstd"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class DDoSDynamicRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ExecuteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1

overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1

action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ForceConnectionCloseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogCustomFieldRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

cookie_fields: Optional[List[ActionParametersCookieField]]

The cookie fields to log.

The name of the cookie.

minLength1

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

The name of the header.

minLength1

response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

The name of the header.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class Logging: …

An object configuring the rule's logging behavior.

enabled: bool

Whether to generate a log when the rule matches.

class ManagedChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RedirectRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1

value: Optional[str]

A URL to redirect the request to.

minLength1

preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:

301

302

303

307

308

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RewriteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:

class ActionParametersHeadersAddStaticHeader: …

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersAddDynamicHeader: …

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader: …

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersSetDynamicHeader: …

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader: …

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:

class ActionParametersURIURIPath: …

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1

value: Optional[str]

A value to rewrite the URI path to.

minLength1

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery: …

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1

value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RouteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1

origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1

port: Optional[int]

A destination port to route to.

maximum65535

minimum1

sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RulesetRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[str]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ScoreRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ServeErrorRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:

class ActionParametersActionParametersContent: …

content: str

The response content.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

class ActionParametersActionParametersAsset: …

asset_name: str

The name of a custom asset to serve as the error response.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetCacheSettingsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

"bypass"

default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0

cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0

edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0

status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value "no-cache". A value of -1 is equivalent to setting the cache control header with the value of "no-store".

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999

minimum100

status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999

minimum100

to: Optional[int]

The upper bound of the range.

maximum999

minimum100

origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.

maximum6000

minimum100

respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024

minLength1

strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

strip_set_cookie: Optional[bool]

Whether to strip Set-Cookie headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetConfigRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]

Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

hotlink_protection: Optional[bool]

Whether to enable Hotlink Protection.

Deprecatedmirage: Optional[bool]

Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:

"off"

"lossless"

"lossy"

"webp"

redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:

"none"

"standard"

"full"

response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:

"none"

"standard"

rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:

"off"

"essentially_off"

"low"

"medium"

"high"

"under_attack"

server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:

"off"

"flexible"

"full"

"strict"

"origin_pull"

sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SkipRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:

"ddos_l4"

"ddos_l7"

"http_config_settings"

"http_custom_errors"

"http_log_custom_fields"

"http_ratelimit"

"http_request_cache_settings"

"http_request_dynamic_redirect"

"http_request_firewall_custom"

"http_request_firewall_managed"

"http_request_late_transform"

"http_request_origin"

"http_request_redirect"

"http_request_sanitize"

"http_request_sbfm"

"http_request_transform"

"http_response_cache_settings"

"http_response_compression"

"http_response_firewall_managed"

"http_response_headers_transform"

"magic_transit"

"magic_transit_ids_managed"

"magic_transit_managed"

"magic_transit_ratelimit"

products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:

"bic"

"hot"

"rateLimit"

"securityLevel"

"uaBlock"

"waf"

"zoneLockdown"

rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleCreateResponse: …

A ruleset object.

id: str

The unique ID of the ruleset.

kind: Kind

The kind of the ruleset.

last_updated: datetime

The timestamp of when the ruleset was last modified.

formatdate-time

The human-readable name of the ruleset.

minLength1

phase: Phase

The phase of the ruleset.

rules: List[Rule]

The list of rules in the ruleset.

One of the following:

class BlockRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1

content_type: str

The type of the content to return.

minLength1

status_code: int

The status code to return.

maximum499

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class CompressResponseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

Name of the compression algorithm to enable.

One of the following:

"none"

"auto"

"default"

"gzip"

"brotli"

"zstd"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class DDoSDynamicRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ExecuteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1

overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1

action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ForceConnectionCloseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsJSChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["js_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsJSChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsJSChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogCustomFieldRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

cookie_fields: Optional[List[ActionParametersCookieField]]

The cookie fields to log.

The name of the cookie.

minLength1

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

The name of the header.

minLength1

response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

The name of the header.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ManagedChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RedirectRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1

value: Optional[str]

A URL to redirect the request to.

minLength1

preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:

301

302

303

307

308

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RewriteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:

class ActionParametersHeadersAddStaticHeader: …

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersAddDynamicHeader: …

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader: …

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersSetDynamicHeader: …

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader: …

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:

class ActionParametersURIURIPath: …

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1

value: Optional[str]

A value to rewrite the URI path to.

minLength1

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery: …

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1

value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RouteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1

origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1

port: Optional[int]

A destination port to route to.

maximum65535

minimum1

sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ScoreRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ServeErrorRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:

class ActionParametersActionParametersContent: …

content: str

The response content.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

class ActionParametersActionParametersAsset: …

asset_name: str

The name of a custom asset to serve as the error response.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheControlRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_control"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheControlRuleActionParameters]

The parameters configuring the rule's action.

immutable: Optional[RuleRulesetsSetCacheControlRuleActionParametersImmutable]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersImmutableSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Optional[RuleRulesetsSetCacheControlRuleActionParametersMaxAge]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustUnderstand]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoCache]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_store: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoStore]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoTransform]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Optional[RuleRulesetsSetCacheControlRuleActionParametersPrivate]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPrivateSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

proxy_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Optional[RuleRulesetsSetCacheControlRuleActionParametersPublic]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPublicSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Optional[RuleRulesetsSetCacheControlRuleActionParametersSMaxage]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleIfError]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidate]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheControlRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheControlRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetCacheSettingsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

"bypass"

default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0

cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0

edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0

status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999

minimum100

status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999

minimum100

to: Optional[int]

The upper bound of the range.

maximum999

minimum100

origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

maximum6000

minimum100

respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024

minLength1

strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

strip_set_cookie: Optional[bool]

Whether to strip Set-Cookie headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheTagsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_tags"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheTagsRuleActionParameters]

The parameters configuring the rule's action.

One of the following:

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues: …

Add cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression: …

Add cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues: …

Remove cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression: …

Remove cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues: …

Set cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression: …

Set cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheTagsRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheTagsRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetConfigRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]

Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

hotlink_protection: Optional[bool]

Whether to enable Hotlink Protection.

Deprecatedmirage: Optional[bool]

Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:

"off"

"lossless"

"lossy"

"webp"

redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:

"none"

"standard"

"full"

response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:

"none"

"standard"

rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:

"off"

"essentially_off"

"low"

"medium"

"high"

"under_attack"

server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:

"off"

"flexible"

"full"

"strict"

"origin_pull"

sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SkipRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:

"ddos_l4"

"ddos_l7"

"http_config_settings"

"http_custom_errors"

"http_log_custom_fields"

"http_ratelimit"

"http_request_cache_settings"

"http_request_dynamic_redirect"

"http_request_firewall_custom"

"http_request_firewall_managed"

"http_request_late_transform"

"http_request_origin"

"http_request_redirect"

"http_request_sanitize"

"http_request_sbfm"

"http_request_transform"

"http_response_cache_settings"

"http_response_compression"

"http_response_firewall_managed"

"http_response_headers_transform"

"magic_transit"

"magic_transit_ids_managed"

"magic_transit_managed"

"magic_transit_ratelimit"

products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:

"bic"

"hot"

"rateLimit"

"securityLevel"

"uaBlock"

"waf"

"zoneLockdown"

rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

version: str

The version of the ruleset.

description: Optional[str]

An informative description of the ruleset.

class RuleEditResponse: …

A ruleset object.

id: str

The unique ID of the ruleset.

kind: Kind

The kind of the ruleset.

last_updated: datetime

The timestamp of when the ruleset was last modified.

formatdate-time

The human-readable name of the ruleset.

minLength1

phase: Phase

The phase of the ruleset.

rules: List[Rule]

The list of rules in the ruleset.

One of the following:

class BlockRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1

content_type: str

The type of the content to return.

minLength1

status_code: int

The status code to return.

maximum499

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class CompressResponseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

Name of the compression algorithm to enable.

One of the following:

"none"

"auto"

"default"

"gzip"

"brotli"

"zstd"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class DDoSDynamicRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ExecuteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1

overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1

action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ForceConnectionCloseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsJSChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["js_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsJSChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsJSChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogCustomFieldRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

cookie_fields: Optional[List[ActionParametersCookieField]]

The cookie fields to log.

The name of the cookie.

minLength1

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

The name of the header.

minLength1

response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

The name of the header.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ManagedChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RedirectRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1

value: Optional[str]

A URL to redirect the request to.

minLength1

preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:

301

302

303

307

308

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RewriteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:

class ActionParametersHeadersAddStaticHeader: …

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersAddDynamicHeader: …

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader: …

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersSetDynamicHeader: …

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader: …

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:

class ActionParametersURIURIPath: …

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1

value: Optional[str]

A value to rewrite the URI path to.

minLength1

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery: …

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1

value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RouteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1

origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1

port: Optional[int]

A destination port to route to.

maximum65535

minimum1

sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ScoreRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ServeErrorRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:

class ActionParametersActionParametersContent: …

content: str

The response content.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

class ActionParametersActionParametersAsset: …

asset_name: str

The name of a custom asset to serve as the error response.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheControlRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_control"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheControlRuleActionParameters]

The parameters configuring the rule's action.

immutable: Optional[RuleRulesetsSetCacheControlRuleActionParametersImmutable]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersImmutableSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Optional[RuleRulesetsSetCacheControlRuleActionParametersMaxAge]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustUnderstand]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoCache]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_store: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoStore]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoTransform]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Optional[RuleRulesetsSetCacheControlRuleActionParametersPrivate]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPrivateSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

proxy_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Optional[RuleRulesetsSetCacheControlRuleActionParametersPublic]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPublicSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Optional[RuleRulesetsSetCacheControlRuleActionParametersSMaxage]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleIfError]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidate]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheControlRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheControlRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetCacheSettingsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

"bypass"

default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0

cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0

edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0

status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999

minimum100

status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999

minimum100

to: Optional[int]

The upper bound of the range.

maximum999

minimum100

origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

maximum6000

minimum100

respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024

minLength1

strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

strip_set_cookie: Optional[bool]

Whether to strip Set-Cookie headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheTagsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_tags"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheTagsRuleActionParameters]

The parameters configuring the rule's action.

One of the following:

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues: …

Add cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression: …

Add cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues: …

Remove cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression: …

Remove cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues: …

Set cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression: …

Set cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheTagsRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheTagsRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetConfigRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]

Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

hotlink_protection: Optional[bool]

Whether to enable Hotlink Protection.

Deprecatedmirage: Optional[bool]

Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:

"off"

"lossless"

"lossy"

"webp"

redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:

"none"

"standard"

"full"

response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:

"none"

"standard"

rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:

"off"

"essentially_off"

"low"

"medium"

"high"

"under_attack"

server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:

"off"

"flexible"

"full"

"strict"

"origin_pull"

sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SkipRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:

"ddos_l4"

"ddos_l7"

"http_config_settings"

"http_custom_errors"

"http_log_custom_fields"

"http_ratelimit"

"http_request_cache_settings"

"http_request_dynamic_redirect"

"http_request_firewall_custom"

"http_request_firewall_managed"

"http_request_late_transform"

"http_request_origin"

"http_request_redirect"

"http_request_sanitize"

"http_request_sbfm"

"http_request_transform"

"http_response_cache_settings"

"http_response_compression"

"http_response_firewall_managed"

"http_response_headers_transform"

"magic_transit"

"magic_transit_ids_managed"

"magic_transit_managed"

"magic_transit_ratelimit"

products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:

"bic"

"hot"

"rateLimit"

"securityLevel"

"uaBlock"

"waf"

"zoneLockdown"

rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

version: str

The version of the ruleset.

description: Optional[str]

An informative description of the ruleset.

class RuleDeleteResponse: …

A ruleset object.

id: str

The unique ID of the ruleset.

kind: Kind

The kind of the ruleset.

last_updated: datetime

The timestamp of when the ruleset was last modified.

formatdate-time

The human-readable name of the ruleset.

minLength1

phase: Phase

The phase of the ruleset.

rules: List[Rule]

The list of rules in the ruleset.

One of the following:

class BlockRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["block"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

response: Optional[ActionParametersResponse]

The response to show when the block is applied.

content: str

The content to return.

minLength1

content_type: str

The type of the content to return.

minLength1

status_code: int

The status code to return.

maximum499

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class CompressResponseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["compress_response"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

algorithms: List[ActionParametersAlgorithm]

Custom order for compression algorithms.

Name of the compression algorithm to enable.

One of the following:

"none"

"auto"

"default"

"gzip"

"brotli"

"zstd"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class DDoSDynamicRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["ddos_dynamic"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ExecuteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["execute"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

id: str

The ID of the ruleset to execute.

matched_data: Optional[ActionParametersMatchedData]

The configuration to use for matched data logging.

public_key: str

The public key to encrypt matched data logs with.

minLength1

overrides: Optional[ActionParametersOverrides]

A set of overrides to apply to the target ruleset.

action: Optional[str]

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: Optional[List[ActionParametersOverridesCategory]]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: str

The name of the category to override.

minLength1

action: Optional[str]

The action to override rules in the category with.

enabled: Optional[bool]

Whether to enable execution of rules in the category.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

enabled: Optional[bool]

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: Optional[List[ActionParametersOverridesRule]]

A list of rule-level overrides. This option has the highest precedence.

id: str

The ID of the rule to override.

action: Optional[str]

The action to override the rule with.

enabled: Optional[bool]

Whether to enable execution of the rule.

score_threshold: Optional[int]

The score threshold to use for the rule.

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

sensitivity_level: Optional[Literal["default", "medium", "low", "eoff"]]

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

One of the following:

"default"

"medium"

"low"

"eoff"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ForceConnectionCloseRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["force_connection_close"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsJSChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["js_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsJSChallengeRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsJSChallengeRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class LogCustomFieldRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["log_custom_field"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

cookie_fields: Optional[List[ActionParametersCookieField]]

The cookie fields to log.

The name of the cookie.

minLength1

raw_response_fields: Optional[List[ActionParametersRawResponseField]]

The raw response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

request_fields: Optional[List[ActionParametersRequestField]]

The raw request fields to log.

The name of the header.

minLength1

response_fields: Optional[List[ActionParametersResponseField]]

The transformed response fields to log.

The name of the response header.

minLength1

preserve_duplicates: Optional[bool]

Whether to log duplicate values of the same header.

transformed_request_fields: Optional[List[ActionParametersTransformedRequestField]]

The transformed request fields to log.

The name of the header.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ManagedChallengeRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["managed_challenge"]]

The action to perform when the rule matches.

action_parameters: Optional[object]

The parameters configuring the rule's action.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RedirectRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["redirect"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

from_list: Optional[ActionParametersFromList]

A redirect based on a bulk list lookup.

key: str

An expression that evaluates to the list lookup key.

minLength1

The name of the list to match against.

from_value: Optional[ActionParametersFromValue]

A redirect based on the request properties.

target_url: ActionParametersFromValueTargetURL

A URL to redirect the request to.

expression: Optional[str]

An expression that evaluates to a URL to redirect the request to.

minLength1

value: Optional[str]

A URL to redirect the request to.

minLength1

preserve_query_string: Optional[bool]

Whether to keep the query string of the original request.

status_code: Optional[Literal[301, 302, 303, 2 more]]

The status code to use for the redirect.

One of the following:

301

302

303

307

308

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RewriteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["rewrite"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

headers: Optional[Dict[str, ActionParametersHeaders]]

A map of headers to rewrite.

One of the following:

class ActionParametersHeadersAddStaticHeader: …

A header with a static value to add.

operation: Literal["add"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersAddDynamicHeader: …

A header with a dynamic value to add.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["add"]

The operation to perform on the header.

class ActionParametersHeadersSetStaticHeader: …

A header with a static value to set.

operation: Literal["set"]

The operation to perform on the header.

value: str

A static value for the header.

minLength1

class ActionParametersHeadersSetDynamicHeader: …

A header with a dynamic value to set.

expression: str

An expression that evaluates to a value for the header.

minLength1

operation: Literal["set"]

The operation to perform on the header.

class ActionParametersHeadersRemoveHeader: …

A header to remove.

operation: Literal["remove"]

The operation to perform on the header.

uri: Optional[ActionParametersURI]

A URI path rewrite.

One of the following:

class ActionParametersURIURIPath: …

A URI path rewrite.

path: ActionParametersURIURIPathPath

A URI path rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI path to.

minLength1

value: Optional[str]

A value to rewrite the URI path to.

minLength1

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

class ActionParametersURIURIQuery: …

A URI query rewrite.

query: ActionParametersURIURIQueryQuery

A URI query rewrite.

expression: Optional[str]

An expression that evaluates to a value to rewrite the URI query to.

minLength1

value: Optional[str]

A value to rewrite the URI query to.

origin: Optional[bool]

Whether to propagate the rewritten URI to origin.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RouteRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["route"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

host_header: Optional[str]

A value to rewrite the HTTP host header to.

minLength1

origin: Optional[ActionParametersOrigin]

An origin to route to.

host: Optional[str]

A resolved host to route to.

minLength1

port: Optional[int]

A destination port to route to.

maximum65535

minimum1

sni: Optional[ActionParametersSNI]

A Server Name Indication (SNI) override.

value: str

A value to override the SNI to.

minLength1

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ScoreRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["score"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

increment: int

A delta to change the score by, which can be either positive or negative.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class ServeErrorRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["serve_error"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

One of the following:

class ActionParametersActionParametersContent: …

content: str

The response content.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

class ActionParametersActionParametersAsset: …

asset_name: str

The name of a custom asset to serve as the error response.

minLength1

content_type: Optional[Literal["application/json", "text/html", "text/plain", "text/xml"]]

The content type header to set with the error response.

One of the following:

"application/json"

"text/html"

"text/plain"

"text/xml"

status_code: Optional[int]

The status code to use for the error.

maximum999

minimum400

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheControlRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_control"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheControlRuleActionParameters]

The parameters configuring the rule's action.

immutable: Optional[RuleRulesetsSetCacheControlRuleActionParametersImmutable]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersImmutableSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersImmutableRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Optional[RuleRulesetsSetCacheControlRuleActionParametersMaxAge]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMaxAgeRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Optional[RuleRulesetsSetCacheControlRuleActionParametersMustUnderstand]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersMustUnderstandRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoCache]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersNoCacheRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_store: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoStore]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoStoreRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Optional[RuleRulesetsSetCacheControlRuleActionParametersNoTransform]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersNoTransformRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Optional[RuleRulesetsSetCacheControlRuleActionParametersPrivate]

A cache-control directive configuration that accepts optional qualifiers (header names).

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPrivateSetDirective: …

Set the directive with optional qualifiers.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: Optional[List[str]]

Optional list of header names to qualify the directive (e.g., for "private" or "no-cache" directives).

class RuleRulesetsSetCacheControlRuleActionParametersPrivateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

proxy_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidate]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersProxyRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Optional[RuleRulesetsSetCacheControlRuleActionParametersPublic]

A cache-control directive configuration.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersPublicSetDirective: …

Set the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersPublicRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Optional[RuleRulesetsSetCacheControlRuleActionParametersSMaxage]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersSMaxageRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleIfError]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleIfErrorRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Optional[RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidate]

A cache-control directive configuration that accepts a duration value in seconds.

One of the following:

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateSetDirective: …

Set the directive with a duration value in seconds.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

value: int

The duration value in seconds for the directive.

minimum0

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

class RuleRulesetsSetCacheControlRuleActionParametersStaleWhileRevalidateRemoveDirective: …

Remove the directive.

operation: Literal["set", "remove"]

The operation to perform on the cache-control directive.

One of the following:

"set"

"remove"

cloudflare_only: Optional[bool]

Whether the directive should only be applied to the Cloudflare CDN cache.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheControlRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheControlRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetCacheSettingsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_settings"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

additional_cacheable_ports: Optional[List[int]]

A list of additional ports that caching should be enabled on.

browser_ttl: Optional[ActionParametersBrowserTTL]

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: Literal["respect_origin", "bypass_by_default", "override_origin", "bypass"]

The browser TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

"bypass"

default: Optional[int]

The browser TTL (in seconds) if you choose the "override_origin" mode.

minimum0

cache: Optional[bool]

Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Optional[ActionParametersCacheKey]

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Optional[bool]

Whether to separate cached content based on the visitor's device type.

cache_deception_armor: Optional[bool]

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Optional[ActionParametersCacheKeyCustomKey]

Which components of the request are included or excluded from the cache key.

host: Optional[ActionParametersCacheKeyCustomKeyHost]

How to use the host in the cache key.

resolved: Optional[bool]

Whether to use the resolved host in the cache key.

query_string: Optional[ActionParametersCacheKeyCustomKeyQueryString]

Which query string parameters to include in or exclude from the cache key.

Which query string parameters to exclude from the cache key.

all: Optional[Literal[true]]

Whether to exclude all query string parameters from the cache key.

list: Optional[List[str]]

A list of query string parameters to exclude from the cache key.

include: Optional[ActionParametersCacheKeyCustomKeyQueryStringInclude]

Which query string parameters to include in the cache key.

all: Optional[Literal[true]]

Whether to include all query string parameters in the cache key.

list: Optional[List[str]]

A list of query string parameters to include in the cache key.

user: Optional[ActionParametersCacheKeyCustomKeyUser]

How to use characteristics of the request user agent in the cache key.

device_type: Optional[bool]

Whether to use the user agent's device type in the cache key.

geo: Optional[bool]

Whether to use the user agents's country in the cache key.

lang: Optional[bool]

Whether to use the user agent's language in the cache key.

ignore_query_strings_order: Optional[bool]

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Optional[ActionParametersCacheReserve]

Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Optional[int]

The minimum file size eligible for storage in Cache Reserve.

minimum0

edge_ttl: Optional[ActionParametersEdgeTTL]

How long the Cloudflare edge network should cache the response.

mode: Literal["respect_origin", "bypass_by_default", "override_origin"]

The edge TTL mode.

One of the following:

"respect_origin"

"bypass_by_default"

"override_origin"

default: Optional[int]

The edge TTL (in seconds) if you choose the "override_origin" mode.

minimum0

status_code_ttl: Optional[List[ActionParametersEdgeTTLStatusCodeTTL]]

A list of TTLs to apply to specific status codes or status code ranges.

value: int

status_code: Optional[int]

A single status code to apply the TTL to.

maximum999

minimum100

status_code_range: Optional[ActionParametersEdgeTTLStatusCodeTTLStatusCodeRange]

A range of status codes to apply the TTL to.

from_: Optional[int]

The lower bound of the range.

maximum999

minimum100

to: Optional[int]

The upper bound of the range.

maximum999

minimum100

origin_cache_control: Optional[bool]

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Optional[bool]

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Optional[int]

maximum6000

minimum100

respect_strong_etags: Optional[bool]

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Optional[ActionParametersServeStale]

When to serve stale content from cache.

disable_stale_while_updating: Optional[bool]

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Optional[ActionParametersSharedDictionary]

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: str

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

maxLength1024

minLength1

strip_etags: Optional[bool]

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Optional[bool]

Whether to strip Last-Modified headers from the origin response before caching.

strip_set_cookie: Optional[bool]

Whether to strip Set-Cookie headers from the origin response before caching.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class RuleRulesetsSetCacheTagsRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_cache_tags"]]

The action to perform when the rule matches.

action_parameters: Optional[RuleRulesetsSetCacheTagsRuleActionParameters]

The parameters configuring the rule's action.

One of the following:

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsValues: …

Add cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersAddCacheTagsExpression: …

Add cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsValues: …

Remove cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersRemoveCacheTagsExpression: …

Remove cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsValues: …

Set cache tags using a list of values.

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

values: List[str]

A list of cache tag values.

class RuleRulesetsSetCacheTagsRuleActionParametersSetCacheTagsExpression: …

Set cache tags using an expression.

expression: str

An expression that evaluates to an array of cache tag values.

minLength1

operation: Literal["add", "remove", "set"]

The operation to perform on the cache tags.

One of the following:

"add"

"remove"

"set"

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[RuleRulesetsSetCacheTagsRuleExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[RuleRulesetsSetCacheTagsRuleRatelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SetConfigRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["set_config"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

automatic_https_rewrites: Optional[bool]

Whether to enable Automatic HTTPS Rewrites.

autominify: Optional[ActionParametersAutominify]

Which file extensions to minify automatically.

css: Optional[bool]

Whether to minify CSS files.

html: Optional[bool]

Whether to minify HTML files.

js: Optional[bool]

Whether to minify JavaScript files.

bic: Optional[bool]

Whether to enable Browser Integrity Check (BIC).

content_converter: Optional[bool]

Whether to enable content conversion (e.g., HTML to Markdown).

Deprecateddisable_apps: Optional[Literal[true]]

Cloudflare Apps are deprected.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Optional[Literal[true]]

Whether to disable Pay Per Crawl.

disable_rum: Optional[Literal[true]]

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Optional[Literal[true]]

Whether to disable Zaraz.

email_obfuscation: Optional[bool]

Whether to enable Email Obfuscation.

fonts: Optional[bool]

Whether to enable Cloudflare Fonts.

hotlink_protection: Optional[bool]

Whether to enable Hotlink Protection.

Deprecatedmirage: Optional[bool]

Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Optional[bool]

Whether to enable Opportunistic Encryption.

polish: Optional[Literal["off", "lossless", "lossy", "webp"]]

The Polish level to configure.

One of the following:

"off"

"lossless"

"lossy"

"webp"

redirects_for_ai_training: Optional[bool]

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: Optional[Literal["none", "standard", "full"]]

The request body buffering mode.

One of the following:

"none"

"standard"

"full"

response_body_buffering: Optional[Literal["none", "standard"]]

The response body buffering mode.

One of the following:

"none"

"standard"

rocket_loader: Optional[bool]

Whether to enable Rocket Loader.

security_level: Optional[Literal["off", "essentially_off", "low", 3 more]]

The Security Level to configure.

One of the following:

"off"

"essentially_off"

"low"

"medium"

"high"

"under_attack"

server_side_excludes: Optional[bool]

Whether to enable Server-Side Excludes.

ssl: Optional[Literal["off", "flexible", "full", 2 more]]

The SSL level to configure.

One of the following:

"off"

"flexible"

"full"

"strict"

"origin_pull"

sxg: Optional[bool]

Whether to enable Signed Exchanges (SXG).

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

class SkipRule: …

last_updated: datetime

The timestamp of when the rule was last modified.

formatdate-time

version: str

The version of the rule.

id: Optional[str]

The unique ID of the rule.

action: Optional[Literal["skip"]]

The action to perform when the rule matches.

action_parameters: Optional[ActionParameters]

The parameters configuring the rule's action.

phase: Optional[Literal["current"]]

A phase to skip the execution of. This option is only compatible with the products option.

phases: Optional[List[Phase]]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

One of the following:

"ddos_l4"

"ddos_l7"

"http_config_settings"

"http_custom_errors"

"http_log_custom_fields"

"http_ratelimit"

"http_request_cache_settings"

"http_request_dynamic_redirect"

"http_request_firewall_custom"

"http_request_firewall_managed"

"http_request_late_transform"

"http_request_origin"

"http_request_redirect"

"http_request_sanitize"

"http_request_sbfm"

"http_request_transform"

"http_response_cache_settings"

"http_response_compression"

"http_response_firewall_managed"

"http_response_headers_transform"

"magic_transit"

"magic_transit_ids_managed"

"magic_transit_managed"

"magic_transit_ratelimit"

products: Optional[List[Literal["bic", "hot", "rateLimit", 4 more]]]

A list of legacy security products to skip the execution of.

One of the following:

"bic"

"hot"

"rateLimit"

"securityLevel"

"uaBlock"

"waf"

"zoneLockdown"

rules: Optional[Dict[str, List[str]]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: Optional[Literal["current"]]

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: Optional[List[str]]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: Optional[List[str]]

The categories of the rule.

description: Optional[str]

An informative description of the rule.

enabled: Optional[bool]

Whether the rule should be executed.

exposed_credential_check: Optional[ExposedCredentialCheck]

Configuration for exposed credential checking.

password_expression: str

An expression that selects the password used in the credentials check.

minLength1

username_expression: str

An expression that selects the user ID used in the credentials check.

minLength1

expression: Optional[str]

The expression defining which traffic will match the rule.

minLength1

logging: Optional[Logging]

An object configuring the rule's logging behavior.

ratelimit: Optional[Ratelimit]

An object configuring the rule's rate limit behavior.

characteristics: List[str]

Characteristics of the request on which the rate limit counter will be incremented.

period: int

Period in seconds over which the counter is being incremented.

minimum0

counting_expression: Optional[str]

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.

minLength1

mitigation_timeout: Optional[int]

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Optional[int]

The threshold of requests per period after which the action will be executed for the first time.

minimum1

requests_to_origin: Optional[bool]

Whether counting is only performed when an origin is reached.

score_per_period: Optional[int]

The score threshold per period for which the action will be executed the first time.

score_response_header_name: Optional[str]

A response header name provided by the origin, which contains the score to increment rate limit counter with.

minLength1

ref: Optional[str]

The reference of the rule (the rule's ID by default).

minLength1

version: str

The version of the ruleset.

description: Optional[str]

An informative description of the ruleset.