Skip to content
WAF
Visit WAF on GitHub
Set theme to dark (⇧+D)

Configure payload logging for a Managed Ruleset via API

You can use the Rulesets API to configure payload logging for a Managed Ruleset.

Configure and enable payload logging

To configure:

  1. Use the Update rule in ruleset API method to update the rule that executes the Managed Ruleset.

  2. In the configuration of the rule that executes the Managed Ruleset, include a matched_data object in action_parameters to configure payload logging.

    The matched_data object has the following structure:

    "action_parameters": {  // ...  "matched_data": {    "public_key": "<PUBLIC_KEY_VALUE>"  }}

    Replace <PUBLIC_KEY_VALUE> with the public key you want to use for payload logging.

You can generate a public key in the command line or in the Cloudflare dashboard.

Example

The following example updates rule {rule-id-1} that executes the Cloudflare Managed Ruleset for zone {zone-id}, configuring payload logging with the provided public key.

Requestcurl -X PATCH \-H "X-Auth-Email: user@cloudflare.com" \-H "X-Auth-Key: REDACTED" \"https://api.cloudflare.com/client/v4/zone/{zone-id}/rulesets/{ruleset-id}/rules/{rule-id-1}" \-d '{  "action": "execute",  "action_parameters": {    "id": "{cloudflare-managed-ruleset-id}",    "matched_data": {      "public_key": "{your-public-key}"    }  },  "expression": "true",  "description": "Executes the Cloudflare Managed Ruleset"}'

The response includes the complete ruleset after updating the rule.

Response{  "result": {    "id": "{zone-level-phase-ruleset-id}",    "name": "Zone-level Ruleset 1",    "description": "",    "kind": "zone",    "version": "3",    "rules": [      {        "id": "{rule-id-1}",        "version": "1",        "action": "execute",        "action_parameters": {          "id": "{cloudflare-managed-ruleset-id}",          "version": "latest",          "matched_data": {            "public_key": "{your-public-key}"          }        },        "expression": "true",        "description": "Executes the Cloudflare Managed Ruleset",        "last_updated": "2021-06-28T18:08:14.003361Z",        "ref": "{ruleset-ref-1}",        "enabled": true      },      // ...    ],    "last_updated": "2021-06-28T18:08:14.003361Z",    "phase": "http_request_firewall_managed"  },  "success": true,  "errors": [],  "messages": []}

For more information on deploying Managed Rulesets via API, see Deploy a Managed Ruleset in the Ruleset Engine documentation.


Disable payload logging

To disable payload logging for a Managed Ruleset:

  1. Use the Update rule in ruleset API method to update the rule that executes the Managed Ruleset.

  2. Modify the rule definition so that there is no matched_data object in action_parameters.

The following example rule executes a Managed Ruleset with payload logging disabled:

{  "action": "execute",  "action_parameters": {    "id": "{managed-ruleset-id}"  },  "expression": "true",  "description": ""}