Skip to content
Firewall
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Create ruleset

Creates a ruleset of a given kind in the specified Phase.

Use one of the following endpoints when creating a ruleset:

Account-level endpointPOST accounts/{account-id}/rulesets
Zone-level endpointPOST zones/{zone-id}/rulesets

The following parameters are required:

NameDescriptionValueNotes
nameA human-readable name for the ruleset.StringThe name is immutable. You cannot change it over the lifetime of the ruleset.
descriptionOptional description for the ruleset.StringYou can change the description over the lifetime of the ruleset.
kindThe kind of ruleset the JSON object represents.String

Allowed values:

  • root - creates a Phase ruleset at the account level
  • zone - creates a Phase ruleset at the zone level
  • custom - creates a custom ruleset

phaseThe name of the Phase where the ruleset will be created.StringCheck the specific Cloudflare product documentation for more information on the Phases where you can create custom rulesets.

Use the rules parameter to supply a list of rules that define the ruleset. For an object definition, see Rulesets API: JSON Object.

Example - Create a zone-level Phase ruleset

This example creates a zone-level Phase ruleset at the http_request_firewall_managed Phase with a single rule that deploys a Managed Ruleset.

Requestcurl -X POST \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/zones/{zone-id}/rulesets" \-d '{  "name": "Zone-level Phase ruleset",  "kind": "zone",  "description": "This ruleset deploys a Managed Ruleset.",  "rules": [    {      "action": "execute",      "expression": "true",      "action_parameters": {        "id": "{managed-ruleset-id}"      }    }  ],  "phase": "http_request_firewall_managed"}'
Response{  "result": {    "id": "{ruleset-id}",    "name": "Zone-level Phase ruleset",    "description": "This ruleset deploys a Managed Ruleset.",    "kind": "zone",    "version": "1",    "rules": [      {        "id": "{rule-id}",        "version": "1",        "action": "execute",        "expression": "true",        "action_parameters": {          "id": "{managed-ruleset-id}"        },        "last_updated": "2021-03-17T15:42:37.917815Z"      }    ],    "last_updated": "2021-03-17T15:42:37.917815Z",    "phase": "http_request_firewall_managed"  },  "success": true,  "errors": [],  "messages": []}

Example - Create a custom ruleset

This example creates a custom ruleset in the http_request_firewall_custom Phase with a single rule.

Requestcurl -X POST \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/accounts/{account-id}/rulesets" \-d '{  "name": "Example custom ruleset",  "kind": "custom",  "description": "Example ruleset description",  "rules": [    {      "action": "log",      "expression": "cf.zone.name eq \"example.com\""    }  ],  "phase": "http_request_firewall_custom"}'
Response{  "result": {    "id": "{ruleset-id}",    "name": "Example custom ruleset",    "description": "Example ruleset description",    "kind": "custom",    "version": "1",    "rules": [      {        "id": "{rule-id}",        "version": "1",        "action": "log",        "expression": "cf.zone.name eq \"example.com\"",        "last_updated": "2021-03-17T15:42:37.917815Z"      }    ],    "last_updated": "2021-03-17T15:42:37.917815Z",    "phase": "http_request_firewall_custom"  },  "success": true,  "errors": [],  "messages": []}