Cloudflare Docs
WAF
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

API examples of custom rules with the Skip action

Use the Rulesets API to configure custom rules via API.

The skip action supports different skip options, according to the security features or products that you wish to skip.

​​ Before you continue

This page contains examples of different skip rule scenarios for custom rules. Take the following into account:

​​ Skip the remaining rules in the current ruleset

This example invokes the Create a zone ruleset rule operation to add a skip rule to the existing http_request_firewall_custom phase entry point ruleset with ID {ruleset_id}. The rule will skip all remaining rules in the current ruleset for requests matching the rule expression:

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"action": "skip",
"action_parameters": {
"ruleset": "current"
},
"expression": "http.request.uri.path contains \"/skip-current-ruleset/\"",
"description": ""
}'

​​ Skip a phase

This example invokes the Create a zone ruleset rule operation to add a rule to the existing http_request_firewall_custom phase entry point ruleset with ID {ruleset_id}. The rule will skip the http_ratelimit phase for requests matching the rule expression:

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"action": "skip",
"action_parameters": {
"phases": [
"http_ratelimit"
]
},
"expression": "http.request.uri.path contains \"/skip-phase/\"",
"description": ""
}'

Refer to Available skip options for the list of phases you can skip.

​​ Skip a phase and do not log matching requests

This example invokes the Create a zone ruleset rule operation to add a rule that:

  • Skips the http_ratelimit phase
  • Disables event logging for the current rule
curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"action": "skip",
"action_parameters": {
"phases": [
"http_ratelimit"
]
},
"logging": {
"enabled": false
},
"expression": "http.request.uri.path contains \"/disable-logging/\"",
"description": ""
}'

Refer to Available skip options: Logging for more information on disabling logging for requests that match a skip rule.

​​ Skip security products

This example uses the Create a zone ruleset rule operation to add a rule that skips the Zone Lockdown and User Agent Blocking products for requests matching the rule expression:

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"action": "skip",
"action_parameters": {
"products": [
"zoneLockdown",
"uaBlock"
]
},
"expression": "http.request.uri.path contains \"/skip-products/\"",
"description": ""
}'

Refer to Available skip options for the list of products you can skip.