Create custom rules via API
Use the Rulesets API to create a Custom Rule via API.
You must deploy custom rules to the http_request_firewall_custom
phase entry point ruleset.
Create a custom rule
To create a custom rule, add a rule to the http_request_firewall_custom
phase entry point ruleset.
-
Invoke the View ruleset method to obtain the list of rules already present in the
http_request_firewall_custom
phase entry point ruleset. If the entry point ruleset does not exist, proceed to step 2, since adding a rule to the entry point ruleset will create the ruleset if it does not exist. -
Invoke the Update ruleset method to update the list of rules in the phase entry point ruleset with a new rule. You must include the rule ID of all the rules you wish to keep in the ruleset (all other fields are optional).
Example A
This example request replaces all rules in the http_request_firewall_custom
phase for zone with ID <ZONE_ID>
, defining a single custom rule that challenges requests from the United Kingdom or France with a threat score greater than 10
:
curl -X PUT \"https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/rulesets/phases/http_request_firewall_custom/entrypoint" \-H "Authorization: Bearer <API_TOKEN>" \-d '{ "rules": [ { "description": "My custom rule", "expression": "(ip.geoip.country eq \"GB\" or ip.geoip.country eq \"FR\") and cf.threat_score > 10", "action": "challenge" } ]
}'
Example B
This example request replaces all rules in the http_request_firewall_custom
phase for zone with ID <ZONE_ID>
, defining a single custom rule with a custom response for blocked requests:
curl -X PUT \"https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/rulesets/phases/http_request_firewall_custom/entrypoint" \-H "Authorization: Bearer <API_TOKEN>" \-d '{ "rules": [ { "description": "My custom rule with plain text response", "expression": "(ip.geoip.country eq \"GB\" or ip.geoip.country eq \"FR\") and cf.threat_score > 50", "action": "block", "action_parameters": { "response": { "status_code": 403, "content": "Your request was blocked.", "content_type": "text/plain" } } } ]
}'