Skip to content
Firewall
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Use rulesets and rule overrides to only enable selected rules

Use a ruleset override and a rule override in your root ruleset to deploy selected rules in a managed ruleset.

  1. Create a root ruleset if you do not already have one.
  2. Add a rule to your root ruleset to deploy a managed ruleset.
  3. Configure a ruleset override that disables all rules in the ruleset.
  4. Configure a rule override to set an action for rules you want to deploy.

The PUT request below uses the modify ruleset operation to deploy only two rules from the Cloudflare Managed Ruleset.

curl -s -X PUT "https://api.cloudflare.com/client/v4/accounts/{account-id}/rulesets/{root-ruleset-id}"  --data '{    "description": "My Root ruleset with ruleset and rule overrides",    "rules": [        {            "action": "execute",            "expression": "cf.zone.name eq \"example.com\"", "action_parameters": {                "id": "{managed_Ruleset_id}",                "overrides": {                    "rulesets": [                        {                            "enabled": "false"                        }],                    "rules": [                        {                            "id": "{rule-id-1}",                            "action": "block"                        },                        {                            "id": "{rule-id-2}",                            "action": "log"                        }]                }            }        }]}'
  • "id": "{managed_ruleset_id}" adds a rule to the root ruleset to apply the Cloudflare Managed Ruleset to requests for example.com.
  • "overrides": {"rulesets": {"enabled": false}} defines an override at the ruleset level to disable all rules in the managed ruleset.
  • "overrides": {"rules": [{"id": "{rule-id-1}", "action": "block"}, {"id": "{rule-id-2}", "action": "block"}]} defines a list of overrides at the rule level to enable two individual rules.