Cloudflare Docs
Ruleset Engine
Cloudflare Docs
Ruleset Engine
GitHub icon
Visit Ruleset Engine on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. Ruleset Engine
  3. Rulesets API
  4. Update and deploy rulesets

Update and deploy rulesets

You can use the API to update basic properties of a ruleset (currently only the description) and the list of rules in the ruleset.

Use one of the following API endpoints:

Operation Method + Endpoint
Update an account ruleset PUT /accounts/{account_id}/rulesets/{ruleset_id}
Update a zone ruleset PUT /zones/{zone_id}/rulesets/{ruleset_id}
Update an account entry point ruleset PUT /accounts/{account_id}/rulesets/phases/{phase_name}/entrypoint
Update a zone entry point ruleset PUT /zones/{zone_id}/rulesets/phases/{phase_name}/entrypoint

​​ Example - Set the rules of a ruleset

Use this API method to set the rules of a ruleset. You must include all the rules you want to associate with the ruleset in every request.

Request 

curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id} \

--header "Authorization: Bearer <API_TOKEN>" \

--header "Content-Type: application/json" \

--data '{
  "rules": [
    {
      "action": "execute",
      "action_parameters": {
        "id": "<MANAGED_RULESET_ID>"
      },
      "expression": "true"
    }
  ]
}'
Response 

{
  "result": {
    "id": "<RULESET_ID>",
    "name": "Zone-level phase entry point",
    "description": "This ruleset executes a managed ruleset.",
    "kind": "zone",
    "version": "4",
    "rules": [
      {
        "id": "<RULE_ID>",
        "version": "2",
        "action": "execute",
        "expression": "true",
        "action_parameters": {
          "id": "<MANAGED_RULESET_ID>"
        },
        "last_updated": "2023-03-17T15:42:37.917815Z"
      }
    ],
    "last_updated": "2023-03-17T15:42:37.917815Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []

}

​​ Example - Deploy a ruleset

To deploy a ruleset, create a rule with "action": "execute" that executes the ruleset, and add the ruleset ID to the action_parameters field in the id parameter.

The following example deploys a managed ruleset to the zone-level http_request_firewall_managed phase of a zone ({zone_id}).

Request 

curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_request_firewall_managed/entrypoint \

--header "Authorization: Bearer <API_TOKEN>" \

--header "Content-Type: application/json" \

--data '{
  "rules": [
    {
      "action": "execute",
      "action_parameters": {
        "id": "<MANAGED_RULESET_ID>"
      },
      "expression": "true",
      "description": "Execute Cloudflare Managed Ruleset on my phase entry point"
    }
  ]
}'
Response 

{
  "result": {
    "id": "<ZONE_PHASE_RULESET_ID>",
    "name": "Zone-level phase entry point",
    "description": "",
    "kind": "zone",
    "version": "4",
    "rules": [
      {
        "id": "<RULE_ID_1>",
        "version": "1",
        "action": "execute",
        "action_parameters": {
          "id": "<MANAGED_RULESET_ID>",
          "version": "latest"
        },
        "expression": "true",
        "description": "Execute Cloudflare Managed Ruleset on my phase entry point",
        "last_updated": "2023-03-21T11:02:08.769537Z",
        "ref": "<RULE_REF_1>",
        "enabled": true
      }
    ],
    "last_updated": "2023-03-21T11:02:08.769537Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []

}

For more information on deploying rulesets, refer to Deploy rulesets.

​​ Example - Update ruleset description

You can use this API method to update the description of an existing ruleset or phase entry point.

Request 

curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id} \

--header "Authorization: Bearer <API_TOKEN>" \

--header "Content-Type: application/json" \

--data '{
  "description": "My updated phase entry point"
}'

The response includes the complete ruleset definition, including all the rules.

Response 

{
  "result": {
    "id": "<RULESET_ID>",
    "name": "Zone entry point",
    "description": "My updated phase entry point",
    "kind": "zone",
    "version": "4",
    "rules": [
      // (...)
    ],
    "last_updated": "2023-03-30T10:49:11.006109Z",
    "phase": "http_request_firewall_managed"
  },
  "success": true,
  "errors": [],
  "messages": []

}