Skip to content

Update and deploy rulesets

You can use the API to update basic properties of a ruleset (currently only the description) and the list of rules in the ruleset.

Use one of the following API endpoints:

OperationMethod + Endpoint
Update an account rulesetPUT /accounts/{account_id}/rulesets/{ruleset_id}
Update a zone rulesetPUT /zones/{zone_id}/rulesets/{ruleset_id}
Update an account entry point rulesetPUT /accounts/{account_id}/rulesets/phases/{phase_name}/entrypoint
Update a zone entry point rulesetPUT /zones/{zone_id}/rulesets/phases/{phase_name}/entrypoint

Example - Set the rules of a ruleset

Use this API method to set the rules of a ruleset. You must include all the rules you want to associate with the ruleset in every request.

Request

Terminal window
curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id} \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"rules": [
{
"action": "execute",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>"
},
"expression": "true"
}
]
}'

Response

{
"result": {
"id": "<RULESET_ID>",
"name": "Zone-level phase entry point",
"description": "This ruleset executes a managed ruleset.",
"kind": "zone",
"version": "4",
"rules": [
{
"id": "<RULE_ID>",
"version": "2",
"action": "execute",
"expression": "true",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>"
},
"last_updated": "2023-03-17T15:42:37.917815Z"
}
],
"last_updated": "2023-03-17T15:42:37.917815Z",
"phase": "http_request_firewall_managed"
},
"success": true,
"errors": [],
"messages": []
}

Example - Deploy a ruleset

To deploy a ruleset, create a rule with "action": "execute" that executes the ruleset, and add the ruleset ID to the action_parameters field in the id parameter.

The following example deploys a managed ruleset to the zone-level http_request_firewall_managed phase of a zone ({zone_id}).

Request

Terminal window
curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_request_firewall_managed/entrypoint \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"rules": [
{
"action": "execute",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>"
},
"expression": "true",
"description": "Execute Cloudflare Managed Ruleset on my phase entry point"
}
]
}'

Response

{
"result": {
"id": "<ZONE_PHASE_RULESET_ID>",
"name": "Zone-level phase entry point",
"description": "",
"kind": "zone",
"version": "4",
"rules": [
{
"id": "<RULE_ID_1>",
"version": "1",
"action": "execute",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>",
"version": "latest"
},
"expression": "true",
"description": "Execute Cloudflare Managed Ruleset on my phase entry point",
"last_updated": "2023-03-21T11:02:08.769537Z",
"ref": "<RULE_REF_1>",
"enabled": true
}
],
"last_updated": "2023-03-21T11:02:08.769537Z",
"phase": "http_request_firewall_managed"
},
"success": true,
"errors": [],
"messages": []
}

For more information on deploying rulesets, refer to Deploy rulesets.

Example - Update ruleset description

You can use this API method to update the description of an existing ruleset or phase entry point.

Request

Terminal window
curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id} \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"description": "My updated phase entry point"
}'

The response includes the complete ruleset definition, including all the rules.

Response

{
"result": {
"id": "<RULESET_ID>",
"name": "Zone entry point",
"description": "My updated phase entry point",
"kind": "zone",
"version": "4",
"rules": [
// (...)
],
"last_updated": "2023-03-30T10:49:11.006109Z",
"phase": "http_request_firewall_managed"
},
"success": true,
"errors": [],
"messages": []
}