Update and deploy rulesets
You can use the API to update:
- The basic properties of a ruleset (currently only the description)
- The list of rules in a ruleset
Use one of the following API endpoints:
| Operation | Method + Endpoint |
|---|---|
| Update an account ruleset | PUT /accounts/{account_id}/rulesets/{ruleset_id} |
| Update a zone ruleset | PUT /zones/{zone_id}/rulesets/{ruleset_id} |
| Update an account entry point ruleset | PUT /accounts/{account_id}/rulesets/phases/{phase_name}/entrypoint |
| Update a zone entry point ruleset | PUT /zones/{zone_id}/rulesets/phases/{phase_name}/entrypoint |
The following PUT request defines the list of rules of a ruleset, setting it to a single rule. You must include all the rules you want to associate with the ruleset in every request.
Required API token permissions
At least one of the following token permissions
is required:
Response Compression WriteConfig Settings WriteDynamic URL Redirects WriteCache Settings WriteCustom Errors WriteOrigin WriteManaged headers WriteZone Transform Rules WriteMass URL Redirects WriteMagic Firewall WriteL4 DDoS Managed Ruleset WriteHTTP DDoS Managed Ruleset WriteSanitize WriteTransform Rules WriteSelect Configuration WriteBot Management WriteZone WAF WriteAccount WAF WriteAccount Rulesets WriteLogs WriteLogs Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/$RULESET_ID \ --request PUT \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "rules": [ { "action": "execute", "action_parameters": { "id": "<MANAGED_RULESET_ID>" }, "expression": "true" } ] }'{ "result": { "id": "<RULESET_ID>", "name": "Zone-level phase entry point ruleset", "description": "This ruleset executes a managed ruleset.", "kind": "zone", "version": "4", "rules": [ { "id": "<RULE_ID>", "version": "2", "action": "execute", "expression": "true", "action_parameters": { "id": "<MANAGED_RULESET_ID>" }, "last_updated": "2025-03-17T15:42:37.917815Z" } ], "last_updated": "2025-03-17T15:42:37.917815Z", "phase": "http_request_firewall_managed" }, "success": true, "errors": [], "messages": []}To deploy a ruleset, create a rule with "action": "execute" that executes the ruleset, and add the ruleset ID to the action_parameters field in the id parameter.
The following PUT request deploys a managed ruleset to the http_request_firewall_managed phase of a zone ($ZONE_ID).
Required API token permissions
At least one of the following token permissions
is required:
Response Compression WriteConfig Settings WriteDynamic URL Redirects WriteCache Settings WriteCustom Errors WriteOrigin WriteManaged headers WriteZone Transform Rules WriteMass URL Redirects WriteMagic Firewall WriteL4 DDoS Managed Ruleset WriteHTTP DDoS Managed Ruleset WriteSanitize WriteTransform Rules WriteSelect Configuration WriteBot Management WriteZone WAF WriteAccount WAF WriteAccount Rulesets WriteLogs WriteLogs Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_managed/entrypoint \ --request PUT \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "rules": [ { "action": "execute", "action_parameters": { "id": "<MANAGED_RULESET_ID>" }, "expression": "true", "description": "Execute Cloudflare Managed Ruleset on my phase entry point ruleset" } ] }'{ "result": { "id": "<RULESET_ID>", "name": "Zone-level phase entry point ruleset", "description": "", "kind": "zone", "version": "4", "rules": [ { "id": "<RULE_ID_1>", "version": "1", "action": "execute", "action_parameters": { "id": "<MANAGED_RULESET_ID>", "version": "latest" }, "expression": "true", "description": "Execute Cloudflare Managed Ruleset on my phase entry point ruleset", "last_updated": "2025-03-21T11:02:08.769537Z", "ref": "<RULE_REF_1>", "enabled": true } ], "last_updated": "2025-03-21T11:02:08.769537Z", "phase": "http_request_firewall_managed" }, "success": true, "errors": [], "messages": []}For more information on deploying rulesets, refer to Deploy rulesets.
The following PUT request updates the description of an existing ruleset or phase entry point.
The response will include the complete ruleset definition, including all the rules.
Required API token permissions
At least one of the following token permissions
is required:
Response Compression WriteConfig Settings WriteDynamic URL Redirects WriteCache Settings WriteCustom Errors WriteOrigin WriteManaged headers WriteZone Transform Rules WriteMass URL Redirects WriteMagic Firewall WriteL4 DDoS Managed Ruleset WriteHTTP DDoS Managed Ruleset WriteSanitize WriteTransform Rules WriteSelect Configuration WriteBot Management WriteZone WAF WriteAccount WAF WriteAccount Rulesets WriteLogs WriteLogs Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/$RULESET_ID \ --request PUT \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "description": "My updated phase entry point ruleset" }'{ "result": { "id": "<RULESET_ID>", "name": "Zone entry point", "description": "My updated phase entry point ruleset", "kind": "zone", "version": "4", "rules": [ // (...) ], "last_updated": "2025-03-30T10:49:11.006109Z", "phase": "http_request_firewall_managed" }, "success": true, "errors": [], "messages": []}Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark