API Reference

Firewall

WAF

Overrides

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

List WAF overrides

Deprecated

GET/zones/{zone_id}/firewall/waf/overrides

Fetches the URI-based WAF overrides in a zone.

Note: Applies only to the previous version of WAF managed rules.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Zone Settings WriteZone Settings Read

Path ParametersExpand Collapse

zone_id: string

Defines an identifier.

maxLength32

Query ParametersExpand Collapse

page: optional number

The page number of paginated results.

minimum1

per_page: optional number

The number of WAF overrides per page.

maximum100

minimum5

ReturnsExpand Collapse

errors: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional { pointer }

pointer: optional string

messages: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional { pointer }

pointer: optional string

result: array of Override { id, description, groups, 5 more }

id: optional string

The unique identifier of the WAF override.

maxLength32

description: optional string

An informative summary of the current URI-based WAF override.

maxLength1024

groups: optional map[unknown]

An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually default or disable). When creating a new URI-based WAF override, you must provide a groups object or a rules object.

paused: optional boolean

When true, indicates that the rule is currently paused.

priority: optional number

The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides.

maximum1000000000

minimum-1000000000

rewrite_action: optional RewriteAction { block, challenge, default, 2 more }

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

block: optional "challenge" or "block" or "simulate" or 2 more

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

challenge: optional "challenge" or "block" or "simulate" or 2 more

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

default: optional "challenge" or "block" or "simulate" or 2 more

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

disable: optional "challenge" or "block" or "simulate" or 2 more

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

simulate: optional "challenge" or "block" or "simulate" or 2 more

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

rules: optional WAFRule { , , , 2 more }

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

urls: optional array of OverrideURL

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

success: true

Defines whether the API call was successful.

result_info: optional { count, page, per_page, total_count }

count: optional number

Defines the total number of results for the requested service.

page: optional number

Defines the current page within paginated list of results.

per_page: optional number

Defines the number of results per page of results.

total_count: optional number

Defines the total results available without any search parameters.

List WAF overrides

HTTP

HTTP

TypeScript

Python

Go

Terraform

curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall/waf/overrides \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "de677e5818985db1285d0e80225f06e5",
      "description": "Enable Cloudflare Magento ruleset for shop.example.com",
      "groups": {
        "ea8687e59929c1fd05ba97574ad43f77": "bar"
      },
      "paused": true,
      "priority": 1,
      "rewrite_action": {
        "block": "challenge",
        "challenge": "challenge",
        "default": "challenge",
        "disable": "challenge",
        "simulate": "challenge"
      },
      "rules": {
        "100015": "disable"
      },
      "urls": [
        "shop.example.com/*"
      ]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "de677e5818985db1285d0e80225f06e5",
      "description": "Enable Cloudflare Magento ruleset for shop.example.com",
      "groups": {
        "ea8687e59929c1fd05ba97574ad43f77": "bar"
      },
      "paused": true,
      "priority": 1,
      "rewrite_action": {
        "block": "challenge",
        "challenge": "challenge",
        "default": "challenge",
        "disable": "challenge",
        "simulate": "challenge"
      },
      "rules": {
        "100015": "disable"
      },
      "urls": [
        "shop.example.com/*"
      ]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}