Adjust the sensitivity of a specific HTTP DDoS rule to Low
Follow the steps below to override the sensitivity of a specific rule of the Cloudflare HTTP DDoS Attack Protection managed ruleset.
- Add a rule to a phase to deploy the Cloudflare HTTP DDoS Attack Protection managed ruleset. You only need to deploy this specific ruleset when you wish to define one or more overrides, since it is enabled by default.
- Configure a rule override that sets the
sensitivity_level
of a specific rule.
The example below uses the Update ruleset operation to execute the steps in a single PUT
request.
- Add a rule to the ruleset of the
ddos_l7
phase that applies the Cloudflare HTTP DDoS Attack Protection managed ruleset (with ID<HTTP_DDOS_RULESET_ID>
). - Create an override for the rule with ID
<RULE_ID>
and set the rule sensitivity tolow
. All other rules use the default sensitivity defined by Cloudflare.
Example: Use an override to set the sensitivity of an HTTP DDoS rule at the zone level
curl --request PUT \https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/ddos_l7/entrypoint \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{"rules": [{"action": "execute","expression": "true","action_parameters": {"id": "<HTTP_DDOS_RULESET_ID>","overrides": {"rules": [{"id": "<RULE_ID>","sensitivity_level": "low"}]}}}]}'