Deploy a WAF managed ruleset via API
Use the Rulesets API to deploy a managed ruleset at the account level or at the zone level.
Deploy WAF managed rulesets to the
http_request_firewall_managed phase. Other managed rulesets, like DDoS Attack Protection managed rulesets, must be deployed to a different phase. Refer to the specific managed ruleset documentation for details.
The WAF Managed Rules page includes the IDs of the different WAF managed rulesets. You will need this information when deploying the rulesets via API.
Refer to Deploy a managed ruleset for instructions on deploying a managed ruleset via API.
To customize the behavior of the rules included in a managed ruleset, create an override.
To skip the execution of WAF managed rulesets or some of their rules, create a WAF exception (also called a skip rule).
WAF exceptions have priority over overrides.