Rulesets

resource cloudflare_ruleset

required
kind: String

The kind of the ruleset.

name: String

The human-readable name of the ruleset.

phase: String

The phase of the ruleset.

optional
account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

description?: String

An informative description of the ruleset.

rules?: List[Attributes]

The list of rules in the ruleset.

last_updated: Time

The timestamp of when the rule was last modified.

version: String

The version of the rule.

id?: String

The unique ID of the rule.

action?: String

The action to perform when the rule matches.

action_parameters?: Attributes

The parameters configuring the rule’s action.

response?: Attributes

The response to show when the block is applied.

content: String

The content to return.

content_type: String

The type of the content to return.

status_code: Int64

The status code to return.

algorithms?: List[Attributes]

Custom order for compression algorithms.

name?: String

Name of the compression algorithm to enable.

id?: String

The ID of the ruleset to execute.

matched_data?: Attributes

The configuration to use for matched data logging.

public_key: String

The public key to encrypt matched data logs with.

overrides?: Attributes

A set of overrides to apply to the target ruleset.

action?: String

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories?: List[Attributes]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: String

The name of the category to override.

action?: String

The action to override rules in the category with.

enabled?: Bool

Whether to enable execution of rules in the category.

sensitivity_level?: String

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

enabled?: Bool

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules?: List[Attributes]

A list of rule-level overrides. This option has the highest precedence.

id: String

The ID of the rule to override.

action?: String

The action to override the rule with.

enabled?: Bool

Whether to enable execution of the rule.

score_threshold?: Int64

The score threshold to use for the rule.

sensitivity_level?: String

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

sensitivity_level?: String

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

raw_response_fields?: List[Attributes]

The raw response fields to log.

name: String

The name of the response header.

preserve_duplicates?: Bool

Whether to log duplicate values of the same header.

request_fields?: List[Attributes]

The raw request fields to log.

name: String

The name of the header.

response_fields?: List[Attributes]

The transformed response fields to log.

name: String

The name of the response header.

preserve_duplicates?: Bool

Whether to log duplicate values of the same header.

transformed_request_fields?: List[Attributes]

The transformed request fields to log.

name: String

The name of the header.

from_list?: Attributes

A redirect based on a bulk list lookup.

key: String

An expression that evaluates to the list lookup key.

name: String

The name of the list to match against.

from_value?: Attributes

A redirect based on the request properties.

target_url: Attributes

A URL to redirect the request to.

expression?: String

An expression that evaluates to a URL to redirect the request to.

value?: String

A URL to redirect the request to.

preserve_query_string?: Bool

Whether to keep the query string of the original request.

status_code?: Int64

The status code to use for the redirect.

headers?: Map[Attributes]

A map of headers to rewrite.

operation: String

The operation to perform on the header.

value?: String

A static value for the header.

expression?: String

An expression that evaluates to a value for the header.

uri?: Attributes

A URI path rewrite.

path?: Attributes

A URI path rewrite.

expression?: String

An expression that evaluates to a value to rewrite the URI path to.

value?: String

A value to rewrite the URI path to.

origin: Bool

Whether to propagate the rewritten URI to origin.

query?: Attributes

A URI query rewrite.

expression?: String

An expression that evaluates to a value to rewrite the URI query to.

value?: String

A value to rewrite the URI query to.

host_header?: String

A value to rewrite the HTTP host header to.

origin?: Attributes

An origin to route to.

host?: String

A resolved host to route to.

port?: Int64

A destination port to route to.

sni?: Attributes

A Server Name Indication (SNI) override.

value: String

A value to override the SNI to.

increment?: Int64

A delta to change the score by, which can be either positive or negative.

content?: String

The response content.

content_type?: String

The content type header to set with the error response.

status_code?: Int64

The status code to use for the error.

asset_name?: String

The name of a custom asset to serve as the error response.

immutable?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age?: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value?: Int64

The duration value in seconds for the directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache?: Attributes

A cache-control directive configuration that accepts optional qualifiers (header names).

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers?: List[String]

Optional list of header names to qualify the directive (e.g., for “private” or “no-cache” directives).

no_store?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

private?: Attributes

A cache-control directive configuration that accepts optional qualifiers (header names).

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers?: List[String]

Optional list of header names to qualify the directive (e.g., for “private” or “no-cache” directives).

proxy_revalidate?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

public?: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage?: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value?: Int64

The duration value in seconds for the directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error?: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value?: Int64

The duration value in seconds for the directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate?: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value?: Int64

The duration value in seconds for the directive.

cloudflare_only?: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

additional_cacheable_ports?: List[Int64]

A list of additional ports that caching should be enabled on.

browser_ttl?: Attributes

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: String

The browser TTL mode.

default?: Int64

The browser TTL (in seconds) if you choose the “override_origin” mode.

cache?: Bool

Whether the request’s response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key?: Attributes

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type?: Bool

Whether to separate cached content based on the visitor’s device type.

cache_deception_armor?: Bool

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key?: Attributes

Which components of the request are included or excluded from the cache key.

header?: Attributes

Which headers to include in the cache key.

check_presence?: List[String]

A list of headers to check for the presence of. The presence of these headers is included in the cache key.

contains?: Map[List[String]]

A mapping of header names to a list of values. If a header is present in the request and contains any of the values provided, its value is included in the cache key.

exclude_origin?: Bool

Whether to exclude the origin header in the cache key.

include?: List[String]

A list of headers to include in the cache key.

host?: Attributes

How to use the host in the cache key.

resolved?: Bool

Whether to use the resolved host in the cache key.

query_string?: Attributes

Which query string parameters to include in or exclude from the cache key.

exclude?: Attributes

Which query string parameters to exclude from the cache key.

all?: Bool

Whether to exclude all query string parameters from the cache key.

list?: List[String]

A list of query string parameters to exclude from the cache key.

include?: Attributes

Which query string parameters to include in the cache key.

all?: Bool

Whether to include all query string parameters in the cache key.

list?: List[String]

A list of query string parameters to include in the cache key.

user?: Attributes

How to use characteristics of the request user agent in the cache key.

device_type?: Bool

Whether to use the user agent’s device type in the cache key.

geo?: Bool

Whether to use the user agent’s country in the cache key.

lang?: Bool

Whether to use the user agent’s language in the cache key.

ignore_query_strings_order?: Bool

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve?: Attributes

Settings to determine whether the request’s response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: Bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size?: Int64

The minimum file size eligible for storage in Cache Reserve.

edge_ttl?: Attributes

How long the Cloudflare edge network should cache the response.

mode: String

The edge TTL mode.

default?: Int64

The edge TTL (in seconds) if you choose the “override_origin” mode.

status_code_ttl?: List[Attributes]

A list of TTLs to apply to specific status codes or status code ranges.

value: Int64

The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value “no-cache”. A value of -1 is equivalent to setting the cache control header with the value of “no-store”.

status_code?: Int64

A single status code to apply the TTL to.

status_code_range?: Attributes

A range of status codes to apply the TTL to.

from?: Int64

The lower bound of the range.

to?: Int64

The upper bound of the range.

origin_cache_control?: Bool

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru?: Bool

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout?: Int64

A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read operations from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.

respect_strong_etags?: Bool

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale?: Attributes

When to serve stale content from cache.

disable_stale_while_updating?: Bool

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary?: Attributes

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: String

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

strip_etags?: Bool

Whether to strip ETag headers from the origin response before caching.

strip_last_modified?: Bool

Whether to strip Last-Modified headers from the origin response before caching.

operation?: String

The operation to perform on the cache tags.

values?: List[String]

A list of cache tag values.

expression?: String

An expression that evaluates to an array of cache tag values.

automatic_https_rewrites?: Bool

Whether to enable Automatic HTTPS Rewrites.

autominify?: Attributes

Which file extensions to minify automatically.

css?: Bool

Whether to minify CSS files.

html?: Bool

Whether to minify HTML files.

js?: Bool

Whether to minify JavaScript files.

bic?: Bool

Whether to enable Browser Integrity Check (BIC).

content_converter?: Bool

Whether to enable content conversion (e.g., HTML to Markdown).

disable_apps?: Bool (deprecated)
Cloudflare Apps are deprecated.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl?: Bool

Whether to disable Pay Per Crawl.

disable_rum?: Bool

Whether to disable Real User Monitoring (RUM).

disable_zaraz?: Bool

Whether to disable Zaraz.

email_obfuscation?: Bool

Whether to enable Email Obfuscation.

fonts?: Bool

Whether to enable Cloudflare Fonts.

mirage?: Bool (deprecated)
Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption?: Bool

Whether to enable Opportunistic Encryption.

polish?: String

The Polish level to configure.

redirects_for_ai_training?: Bool

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering?: String

The request body buffering mode.

response_body_buffering?: String

The response body buffering mode.

rocket_loader?: Bool

Whether to enable Rocket Loader.

security_level?: String

The Security Level to configure.

server_side_excludes?: Bool

Whether to enable Server-Side Excludes.

ssl?: String

The SSL level to configure.

sxg?: Bool

Whether to enable Signed Exchanges (SXG).

phase?: String

A phase to skip the execution of. This option is only compatible with the products option.

phases?: List[String]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

products?: List[String]

A list of legacy security products to skip the execution of.

rules?: Map[List[String]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset?: String

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets?: List[String]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: List[String]

The categories of the rule.

description?: String

An informative description of the rule.

enabled?: Bool

Whether the rule should be executed.

exposed_credential_check?: Attributes

Configuration for exposed credential checking.

password_expression: String

An expression that selects the password used in the credentials check.

username_expression: String

An expression that selects the user ID used in the credentials check.

expression?: String

The expression defining which traffic will match the rule.

logging?: Attributes

An object configuring the rule’s logging behavior.

enabled: Bool

Whether to generate a log when the rule matches.

ratelimit?: Attributes

An object configuring the rule’s rate limit behavior.

characteristics: List[String]

Characteristics of the request on which the rate limit counter will be incremented.

period: Int64

Period in seconds over which the counter is being incremented.

counting_expression?: String

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

mitigation_timeout?: Int64

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period?: Int64

The threshold of requests per period after which the action will be executed for the first time.

requests_to_origin?: Bool

Whether counting is only performed when an origin is reached.

score_per_period?: Int64

The score threshold per period for which the action will be executed the first time.

score_response_header_name?: String

A response header name provided by the origin, which contains the score to increment rate limit counter with.

ref?: String

The reference of the rule (the rule’s ID by default).

computed
id: String

The unique ID of the ruleset.

last_updated: Time

The timestamp of when the ruleset was last modified.

version: String

The version of the ruleset.

cloudflare_ruleset

resource "cloudflare_ruleset" "example_ruleset" {
  kind = "root"
  name = "My ruleset"
  phase = "http_request_firewall_custom"
  zone_id = "zone_id"
  description = "A description for my ruleset."
  rules = [{
    id = "3a03d665bac047339bb530ecb439a90d"
    action = "block"
    action_parameters = {
      response = {
        content = <<EOT
        {
          "success": false,
          "error": "you have been blocked"
        }
        EOT
        content_type = "application/json"
        status_code = 400
      }
    }
    description = "Block the request."
    enabled = true
    exposed_credential_check = {
      # Quotes inside the expression are escaped once, as in counting_expression below.
      password_expression = "url_decode(http.request.body.form[\"password\"][0])"
      username_expression = "url_decode(http.request.body.form[\"username\"][0])"
    }
    expression = "ip.src eq 1.1.1.1"
    logging = {
      enabled = true
    }
    ratelimit = {
      characteristics = ["cf.colo.id"]
      period = 60
      counting_expression = "http.request.body.raw eq \"abcd\""
      mitigation_timeout = 600
      requests_per_period = 1000
      requests_to_origin = true
      score_per_period = 400
      score_response_header_name = "my-score"
    }
    ref = "my_ref"
  }]
}
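
The override precedence described for action_parameters.overrides above (rule-level overrides first, then category-level, then the ruleset-wide action, enabled and sensitivity_level), shown as an added example that is not part of the provider's own documentation. The variables, the "wordpress" category name, the "execute" and "log" action values and the "zone" kind are assumptions chosen for illustration; substitute the IDs and categories of the managed ruleset you actually deploy.

```hcl
# Added example: stage a managed ruleset in log-only mode while keeping one
# verified rule blocking. All variable values are placeholders.

variable "zone_id" {
  type        = string
  description = "Zone to attach the ruleset to (placeholder)."
}

variable "managed_ruleset_id" {
  type        = string
  description = "ID of the managed ruleset to execute (placeholder)."
}

variable "verified_rule_id" {
  type        = string
  description = "ID of a rule inside the managed ruleset that has been tuned and may block (placeholder)."
}

resource "cloudflare_ruleset" "managed_waf_staged" {
  zone_id     = var.zone_id # mutually exclusive with account_id
  kind        = "zone"
  name        = "Managed WAF, staged rollout"
  phase       = "http_request_firewall_managed"
  description = "Executes a managed ruleset with layered overrides."

  rules = [{
    action      = "execute"
    expression  = "true"
    description = "Run the managed ruleset on all traffic."
    enabled     = true

    action_parameters = {
      # The ID of the ruleset to execute.
      id = var.managed_ruleset_id

      overrides = {
        # Ruleset-wide override: lowest precedence.
        # Every rule logs instead of taking its default action,
        # unless a category or rule override below says otherwise.
        action  = "log"
        enabled = true

        # Category-level override: second-highest precedence.
        # Rules in this category are switched off entirely,
        # which wins over the ruleset-wide enabled = true.
        categories = [{
          category = "wordpress" # constructed category name
          enabled  = false
        }]

        # Rule-level override: highest precedence.
        # This one rule blocks even though the ruleset-wide action is "log",
        # and stays enabled even if it belongs to a disabled category.
        rules = [{
          id      = var.verified_rule_id
          action  = "block"
          enabled = true
        }]
      }
    }

    # Generate a log entry whenever this execute rule matches, so the
    # log-only stage produces the data needed to promote more rules.
    logging = {
      enabled = true
    }
  }]
}
```

When reviewing a plan for a resource like this, read the three override layers from the bottom up: a rule-level entry is the effective setting for that rule regardless of what the category or ruleset-wide values say.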

data cloudflare_ruleset

required
ruleset_id: String

The unique ID of the ruleset.

optional
account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

computed
id: String

The unique ID of the ruleset.

description: String

An informative description of the ruleset.

kind: String

The kind of the ruleset.

last_updated: Time

The timestamp of when the ruleset was last modified.

name: String

The human-readable name of the ruleset.

phase: String

The phase of the ruleset.

version: String

The version of the ruleset.

rules: List[Attributes]

The list of rules in the ruleset.

last_updated: Time

The timestamp of when the rule was last modified.

version: String

The version of the rule.

id: String

The unique ID of the rule.

action: String

The action to perform when the rule matches.

action_parameters: Attributes

The parameters configuring the rule’s action.

response: Attributes

The response to show when the block is applied.

content: String

The content to return.

content_type: String

The type of the content to return.

status_code: Int64

The status code to return.

algorithms: List[Attributes]

Custom order for compression algorithms.

name: String

Name of the compression algorithm to enable.

id: String

The ID of the ruleset to execute.

matched_data: Attributes

The configuration to use for matched data logging.

public_key: String

The public key to encrypt matched data logs with.

overrides: Attributes

A set of overrides to apply to the target ruleset.

action: String

An action to override all rules with. This option has lower precedence than rule and category overrides.

categories: List[Attributes]

A list of category-level overrides. This option has the second-highest precedence after rule-level overrides.

category: String

The name of the category to override.

action: String

The action to override rules in the category with.

enabled: Bool

Whether to enable execution of rules in the category.

sensitivity_level: String

The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.

enabled: Bool

Whether to enable execution of all rules. This option has lower precedence than rule and category overrides.

rules: List[Attributes]

A list of rule-level overrides. This option has the highest precedence.

id: String

The ID of the rule to override.

action: String

The action to override the rule with.

enabled: Bool

Whether to enable execution of the rule.

score_threshold: Int64

The score threshold to use for the rule.

sensitivity_level: String

The sensitivity level to use for the rule. This option is only applicable for DDoS phases.

sensitivity_level: String

A sensitivity level to set for all rules. This option has lower precedence than rule and category overrides and is only applicable for DDoS phases.

raw_response_fields: List[Attributes]

The raw response fields to log.

name: String

The name of the response header.

preserve_duplicates: Bool

Whether to log duplicate values of the same header.

request_fields: List[Attributes]

The raw request fields to log.

name: String

The name of the header.

response_fields: List[Attributes]

The transformed response fields to log.

name: String

The name of the response header.

preserve_duplicates: Bool

Whether to log duplicate values of the same header.

transformed_request_fields: List[Attributes]

The transformed request fields to log.

name: String

The name of the header.

from_list: Attributes

A redirect based on a bulk list lookup.

key: String

An expression that evaluates to the list lookup key.

name: String

The name of the list to match against.

from_value: Attributes

A redirect based on the request properties.

target_url: Attributes

A URL to redirect the request to.

expression: String

An expression that evaluates to a URL to redirect the request to.

value: String

A URL to redirect the request to.

preserve_query_string: Bool

Whether to keep the query string of the original request.

status_code: Int64

The status code to use for the redirect.

headers: Map[Attributes]

A map of headers to rewrite.

operation: String

The operation to perform on the header.

value: String

A static value for the header.

expression: String

An expression that evaluates to a value for the header.

uri: Attributes

A URI path rewrite.

path: Attributes

A URI path rewrite.

expression: String

An expression that evaluates to a value to rewrite the URI path to.

value: String

A value to rewrite the URI path to.

origin: Bool

Whether to propagate the rewritten URI to origin.

query: Attributes

A URI query rewrite.

expression: String

An expression that evaluates to a value to rewrite the URI query to.

value: String

A value to rewrite the URI query to.

host_header: String

A value to rewrite the HTTP host header to.

origin: Attributes

An origin to route to.

host: String

A resolved host to route to.

port: Int64

A destination port to route to.

sni: Attributes

A Server Name Indication (SNI) override.

value: String

A value to override the SNI to.

increment: Int64

A delta to change the score by, which can be either positive or negative.

content: String

The response content.

content_type: String

The content type header to set with the error response.

status_code: Int64

The status code to use for the error.

asset_name: String

The name of a custom asset to serve as the error response.

immutable: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

max_age: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value: Int64

The duration value in seconds for the directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

must_revalidate: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

must_understand: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

no_cache: Attributes

A cache-control directive configuration that accepts optional qualifiers (header names).

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: List[String]

Optional list of header names to qualify the directive (e.g., for “private” or “no-cache” directives).

no_store: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

no_transform: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

private: Attributes

A cache-control directive configuration that accepts optional qualifiers (header names).

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

qualifiers: List[String]

Optional list of header names to qualify the directive (e.g., for “private” or “no-cache” directives).

proxy_revalidate: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

public: Attributes

A cache-control directive configuration.

operation: String

The operation to perform on the cache-control directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

s_maxage: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value: Int64

The duration value in seconds for the directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_if_error: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value: Int64

The duration value in seconds for the directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

stale_while_revalidate: Attributes

A cache-control directive configuration that accepts a duration value in seconds.

operation: String

The operation to perform on the cache-control directive.

value: Int64

The duration value in seconds for the directive.

cloudflare_only: Bool

Whether the directive should only be applied to the Cloudflare CDN cache.

additional_cacheable_ports: List[Int64]

A list of additional ports that caching should be enabled on.

browser_ttl: Attributes

How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.

mode: String

The browser TTL mode.

default: Int64

The browser TTL (in seconds) if you choose the “override_origin” mode.

cache: Bool

Whether the request’s response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.

cache_key: Attributes

Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.

cache_by_device_type: Bool

Whether to separate cached content based on the visitor’s device type.

cache_deception_armor: Bool

Whether to protect from web cache deception attacks, while allowing static assets to be cached.

custom_key: Attributes

Which components of the request are included or excluded from the cache key.

header: Attributes

Which headers to include in the cache key.

check_presence: List[String]

A list of headers to check for the presence of. The presence of these headers is included in the cache key.

contains: Map[List[String]]

A mapping of header names to a list of values. If a header is present in the request and contains any of the values provided, its value is included in the cache key.

exclude_origin: Bool

Whether to exclude the origin header in the cache key.

include: List[String]

A list of headers to include in the cache key.

host: Attributes

How to use the host in the cache key.

resolved: Bool

Whether to use the resolved host in the cache key.

query_string: Attributes

Which query string parameters to include in or exclude from the cache key.

exclude: Attributes

Which query string parameters to exclude from the cache key.

all: Bool

Whether to exclude all query string parameters from the cache key.

list: List[String]

A list of query string parameters to exclude from the cache key.

include: Attributes

Which query string parameters to include in the cache key.

all: Bool

Whether to include all query string parameters in the cache key.

list: List[String]

A list of query string parameters to include in the cache key.

user: Attributes

How to use characteristics of the request user agent in the cache key.

device_type: Bool

Whether to use the user agent’s device type in the cache key.

geo: Bool

Whether to use the user agent’s country in the cache key.

lang: Bool

Whether to use the user agent’s language in the cache key.

ignore_query_strings_order: Bool

Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.

cache_reserve: Attributes

Settings to determine whether the request’s response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).

eligible: Bool

Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.

minimum_file_size: Int64

The minimum file size eligible for storage in Cache Reserve.

edge_ttl: Attributes

How long the Cloudflare edge network should cache the response.

mode: String

The edge TTL mode.

default: Int64

The edge TTL (in seconds) if you choose the “override_origin” mode.

status_code_ttl: List[Attributes]

A list of TTLs to apply to specific status codes or status code ranges.

value: Int64

The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value “no-cache”. A value of -1 is equivalent to setting the cache control header with the value of “no-store”.

status_code: Int64

A single status code to apply the TTL to.

status_code_range: Attributes

A range of status codes to apply the TTL to.

from: Int64

The lower bound of the range.

to: Int64

The upper bound of the range.

origin_cache_control: Bool

Whether Cloudflare will aim to strictly adhere to RFC 7234.

origin_error_page_passthru: Bool

Whether to generate Cloudflare error pages for issues from the origin server.

read_timeout: Int64

A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read operations from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.

respect_strong_etags: Bool

Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.

serve_stale: Attributes

When to serve stale content from cache.

disable_stale_while_updating: Bool

Whether Cloudflare should disable serving stale content while getting the latest content from the origin.

shared_dictionary: Attributes

Configuration for shared dictionary compression. When set, Cloudflare injects Use-As-Dictionary headers on matching cacheable responses.

match_pattern: String

URL pattern for the Use-As-Dictionary match field. This pattern specifies which URLs can use this response as a dictionary.

strip_etags: Bool

Whether to strip ETag headers from the origin response before caching.

strip_last_modified: Bool

Whether to strip Last-Modified headers from the origin response before caching.

operation: String

The operation to perform on the cache tags.

values: List[String]

A list of cache tag values.

expression: String

An expression that evaluates to an array of cache tag values.

automatic_https_rewrites: Bool

Whether to enable Automatic HTTPS Rewrites.

autominify: Attributes

Which file extensions to minify automatically.

css: Bool

Whether to minify CSS files.

html: Bool

Whether to minify HTML files.

js: Bool

Whether to minify JavaScript files.

bic: Bool

Whether to enable Browser Integrity Check (BIC).

content_converter: Bool

Whether to enable content conversion (e.g., HTML to Markdown).

disable_apps: Bool

Deprecated: Cloudflare Apps are deprecated.

Whether to disable Cloudflare Apps.

disable_pay_per_crawl: Bool

Whether to disable Pay Per Crawl.

disable_rum: Bool

Whether to disable Real User Monitoring (RUM).

disable_zaraz: Bool

Whether to disable Zaraz.

email_obfuscation: Bool

Whether to enable Email Obfuscation.

fonts: Bool

Whether to enable Cloudflare Fonts.

mirage: Bool

Deprecated: Mirage is deprecated. More information at https://developers.cloudflare.com/speed/optimization/images/mirage/.

Whether to enable Mirage.

opportunistic_encryption: Bool

Whether to enable Opportunistic Encryption.

polish: String

The Polish level to configure.

redirects_for_ai_training: Bool

Whether to redirect verified AI training crawlers to canonical URLs found in the HTML response.

request_body_buffering: String

The request body buffering mode.

response_body_buffering: String

The response body buffering mode.

rocket_loader: Bool

Whether to enable Rocket Loader.

security_level: String

The Security Level to configure.

server_side_excludes: Bool

Whether to enable Server-Side Excludes.

ssl: String

The SSL level to configure.

sxg: Bool

Whether to enable Signed Exchanges (SXG).

phase: String

A phase to skip the execution of. This option is only compatible with the products option.

phases: List[String]

A list of phases to skip the execution of. This option is incompatible with the rulesets option.

products: List[String]

A list of legacy security products to skip the execution of.

rules: Map[List[String]]

A mapping of ruleset IDs to a list of rule IDs in that ruleset to skip the execution of. This option is incompatible with the ruleset option.

ruleset: String

A ruleset to skip the execution of. This option is incompatible with the rulesets option.

rulesets: List[String]

A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.

categories: List[String]

The categories of the rule.

description: String

An informative description of the rule.

enabled: Bool

Whether the rule should be executed.

exposed_credential_check: Attributes

Configuration for exposed credential checking.

password_expression: String

An expression that selects the password used in the credentials check.

username_expression: String

An expression that selects the user ID used in the credentials check.

expression: String

The expression defining which traffic will match the rule.

logging: Attributes

An object configuring the rule’s logging behavior.

enabled: Bool

Whether to generate a log when the rule matches.

ratelimit: Attributes

An object configuring the rule’s rate limit behavior.

characteristics: List[String]

Characteristics of the request on which the rate limit counter will be incremented.

period: Int64

Period in seconds over which the counter is being incremented.

counting_expression: String

An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule’s expression.

mitigation_timeout: Int64

Period of time in seconds after which the action will be disabled following its first execution.

requests_per_period: Int64

The threshold of requests per period after which the action will be executed for the first time.

requests_to_origin: Bool

Whether counting is only performed when an origin is reached.

score_per_period: Int64

The score threshold per period for which the action will be executed the first time.

score_response_header_name: String

A response header name provided by the origin, which contains the score to increment the rate limit counter with.

ref: String

The reference of the rule (the rule’s ID by default).

cloudflare_ruleset

data "cloudflare_ruleset" "example_ruleset" {
  ruleset_id = "2f2feab2026849078ba485f918791bdc"
  # account_id and zone_id are mutually exclusive: set exactly one.
  account_id = "account_id"
  # zone_id  = "zone_id"
}
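The data source above can also be used to audit a live ruleset from Terraform. The following is an added example, not part of the provider documentation: it reads two rulesets and asserts that every enabled caching rule sets cache_key.cache_deception_armor and that every enabled rule skipping phases or rulesets has logging enabled. The variable names, local names and check labels are assumptions, and check blocks require Terraform 1.5 or later.

```hcl
# Added example: variable, local and check names are assumptions.
variable "zone_id" { type = string }
variable "cache_ruleset_id" { type = string } # ruleset holding cache settings rules
variable "waf_ruleset_id" { type = string }   # ruleset holding skip rules

data "cloudflare_ruleset" "cache" {
  zone_id    = var.zone_id
  ruleset_id = var.cache_ruleset_id
}

data "cloudflare_ruleset" "waf" {
  zone_id    = var.zone_id
  ruleset_id = var.waf_ruleset_id
}

locals {
  # Enabled rules that mark the origin response as eligible for caching.
  caching_rules = [
    for r in data.cloudflare_ruleset.cache.rules : r
    if r.enabled == true && try(r.action_parameters.cache, false) == true
  ]
  # Enabled rules that skip one or more phases or whole rulesets.
  # try() covers rules whose action_parameters or lists are null.
  skip_rules = [
    for r in data.cloudflare_ruleset.waf.rules : r
    if r.enabled == true && (
      try(length(r.action_parameters.phases), 0) > 0 ||
      try(length(r.action_parameters.rulesets), 0) > 0
    )
  ]
}

check "cache_deception_armor" {
  assert {
    condition = alltrue([
      for r in local.caching_rules :
      try(r.action_parameters.cache_key.cache_deception_armor, false) == true
    ])
    error_message = "A caching rule does not set cache_key.cache_deception_armor."
  }
}

check "skip_rules_are_logged" {
  assert {
    condition = alltrue([
      for r in local.skip_rules : try(r.logging.enabled, false) == true
    ])
    error_message = "A rule skips phases or rulesets without logging its matches."
  }
}
```

Failed check assertions are reported as warnings during plan and apply, so they flag drift without blocking the run.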

data cloudflare_rulesets

optional
account_id?: String

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id?: String

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

max_items?: Int64

Max items to fetch, default: 1000

computed
result: List[Attributes]

The items returned by the data source

id: String

The unique ID of the ruleset.

kind: String

The kind of the ruleset.

last_updated: Time

The timestamp of when the ruleset was last modified.

name: String

The human-readable name of the ruleset.

phase: String

The phase of the ruleset.

version: String

The version of the ruleset.

description: String

An informative description of the ruleset.

cloudflare_rulesets

data "cloudflare_rulesets" "example_rulesets" {
  # account_id and zone_id are mutually exclusive: set exactly one.
  account_id = "account_id"
  # zone_id  = "zone_id"
}