Skip to content
Cloudflare API
Start here
API Reference
Firewall
WAF
Packages

Rules

List WAF rules
Deprecated
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules
Get a WAF rule
Deprecated
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}
Update a WAF rule
Deprecated
PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}
ModelsExpand Collapse
AllowedModesAnomaly = "on" or "off"

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
WAFRuleGroup object { id, name }

Defines the rule group to which the current WAF rule belongs.

id: optional string

Defines the unique identifier of the rule group.

maxLength32
name: optional string

Defines the name of the rule group.

RuleListResponse = object { id, allowed_modes, description, 4 more } or object { id, allowed_modes, default_mode, 5 more } or object { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

One of the following:
WAFManagedRulesAnomalyRule object { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of AllowedModesAnomaly

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule object { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A ‘deny’ rule will immediately respond to the request based on the configured rule action/mode (for example, ‘block’) and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of "default" or "disable" or "simulate" or 2 more

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
default_mode: "disable" or "simulate" or "block" or "challenge"

Defines the default action/mode of a rule.

One of the following:
"disable"
"simulate"
"block"
"challenge"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" or "disable" or "simulate" or 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule object { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An ‘allow’ rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of "on" or "off"

Defines the available modes for the current WAF rule.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" or "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:
"on"
"off"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

RuleGetResponse = unknown or string
One of the following:
unknown
string
RuleEditResponse = object { id, allowed_modes, description, 4 more } or object { id, allowed_modes, default_mode, 5 more } or object { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

One of the following:
WAFManagedRulesAnomalyRule object { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of AllowedModesAnomaly

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule object { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A ‘deny’ rule will immediately respond to the request based on the configured rule action/mode (for example, ‘block’) and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of "default" or "disable" or "simulate" or 2 more

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
default_mode: "disable" or "simulate" or "block" or "challenge"

Defines the default action/mode of a rule.

One of the following:
"disable"
"simulate"
"block"
"challenge"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" or "disable" or "simulate" or 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule object { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An ‘allow’ rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: array of "on" or "off"

Defines the available modes for the current WAF rule.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" or "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:
"on"
"off"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.