Skip to content
Firewall
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Deploy a Managed Ruleset

To deploy a Managed Ruleset to a phase at the account level or at the zone level, use the Rulesets API.

Deploy a Managed Ruleset to a phase at the account level

Use the following workflow to deploy a managed ruleset to a phase at the account level.

  1. Get your account ID.
  2. Get the ID of the Managed Ruleset you wish to deploy. See List existing rulesets.
  3. Identify the phase where you want to deploy the Managed Ruleset. Ensure that the Managed Ruleset belongs to the same phase where you want to deploy it. To learn more about the available phases supported by each Cloudflare product, check the specific documentation for that product.
  4. Add a rule to the account-level phase to deploy the Managed Ruleset.

Example

The following example deploys a Managed Ruleset to the http_request_firewall_managed phase of your account ({account-id}). The rules in the Managed Ruleset are executed when the zone name matches one of example.com or anotherexample.com.

Requestcurl -X PUT \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/accounts/{account-id}/rulesets/phases/http_request_firewall_managed/entrypoint" \-d '{  "rules": [    {      "action": "execute",      "action_parameters": {        "id": "{cloudflare-managed-ruleset-id}"      },      "expression": "cf.zone.name in {\"example.com\" \"anotherexample.com\"}",      "description": "Execute Cloudflare Managed Ruleset on my account-level phase ruleset"    }  ]}'
Response{  "result": {    "id": "{ruleset-id}",    "name": "http_request_firewall_managed Account-level Ruleset",    "description": "",    "kind": "root",    "version": "5",    "rules": [      {        "id": "{rule-id}",        "version": "1",        "action": "execute",        "action_parameters": {          "id": "{cloudflare-managed-ruleset-id}",          "version": "latest"        },        "expression": "cf.zone.name in {\"example.com\" \"anotherexample.com\"}",        "description": "Execute Cloudflare Managed Ruleset on my account-level phase ruleset",        "last_updated": "2021-03-18T18:30:08.122758Z",        "ref": "{rule-ref}",        "enabled": true      }    ],    "last_updated": "2021-03-18T18:30:08.122758Z",    "phase": "http_request_firewall_managed"  },  "success": true,  "errors": [],  "messages": []}

Deploy a Managed Ruleset to a phase at the zone level

Use the following workflow to deploy a managed ruleset to a phase at the zone level.

  1. Get your zone ID.
  2. Get the ID of the Managed Ruleset you wish to deploy. See List existing rulesets.
  3. Identify the phase where you want to deploy the Managed Ruleset. Ensure that the Managed Ruleset belongs to the same phase where you want to deploy it. To learn more about the available phases supported by each Cloudflare product, check the specific documentation for that product.
  4. Add a rule to the zone-level phase to deploy the Managed Ruleset.

Example

The following example deploys a Managed Ruleset to the http_request_firewall_managed phase of a given zone ({zone-id}).

Requestcurl -X PUT \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/zones/{zone-id}/rulesets/phases/http_request_firewall_managed/entrypoint" \-d '{  "rules": [    {      "action": "execute",      "action_parameters": {        "id": "{cloudflare-managed-ruleset-id}"      },      "expression": "true",      "description": "Execute Cloudflare Managed Ruleset on my zone ruleset"    }  ]}'
Response{  "result": {    "id": "{zone-level-phase-ruleset-id}",    "name": "Zone-level Ruleset 1",    "description": "",    "kind": "zone",    "version": "3",    "rules": [      {        "id": "{rule-id-1}",        "version": "1",        "action": "execute",        "action_parameters": {          "id": "{cloudflare-managed-ruleset-id}",          "version": "latest"        },        "expression": "true",        "description": "Execute Cloudflare Managed Ruleset on my zone ruleset",        "last_updated": "2021-03-18T18:08:14.003361Z",        "ref": "{ruleset-ref-1}",        "enabled": true      }    ],    "last_updated": "2021-03-18T18:08:14.003361Z",    "phase": "http_request_firewall_managed"  },  "success": true,  "errors": [],  "messages": []}

In these examples, the Managed Ruleset executes the behavior configured by Cloudflare. To customize the behavior of Managed Rulesets, see Override a Managed Ruleset.