Docs
PackagesCloudflare v5.33.1 published on Wednesday, Jun 26, 2024 by Pulumi
cloudflare.Ruleset
Explore with Pulumi AI
The Cloudflare Ruleset Engine allows you to create and deploy rules and rulesets.
The engine syntax, inspired by the Wireshark Display Filter language, is the same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine in different products, allowing you to configure several products using the same basic syntax.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.Ruleset;
import com.pulumi.cloudflare.RulesetArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Magic Transit
var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("account magic transit")
.description("example magic transit ruleset description")
.kind("root")
.phase("magic_transit")
.rules(RulesetRuleArgs.builder()
.action("allow")
.expression("tcp.dstport in { 32768..65535 }")
.description("Allow TCP Ephemeral Ports")
.build())
.build());
// Zone-level WAF Managed Ruleset
var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("managed WAF")
.description("managed WAF ruleset description")
.kind("zone")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.expression("(http.host eq \"example.host.com\")")
.description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
.enabled(true)
.build())
.build());
// Zone-level WAF with tag-based overrides
var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("managed WAF with tag-based overrides")
.description("managed WAF with tag-based overrides ruleset description")
.kind("zone")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.categories(
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.category("wordpress")
.action("block")
.enabled(true)
.build(),
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.category("joomla")
.action("block")
.enabled(true)
.build())
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("overrides to only enable wordpress rules to block")
.enabled(false)
.build())
.build());
// Rewrite the URI path component to a static path
var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for URI path")
.description("change the URI path to a new static path")
.kind("zone")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.path(RulesetRuleActionParametersUriPathArgs.builder()
.value("/my-new-route")
.build())
.build())
.build())
.expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
.description("example URI path transform rule")
.enabled(true)
.build())
.build());
// Rewrite the URI query component to a static query
var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for URI query parameter")
.description("change the URI query to a new static query")
.kind("zone")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.value("old=new_again")
.build())
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("URI transformation query example")
.enabled(true)
.build())
.build());
// Rewrite HTTP headers to a modified values
var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for HTTP headers")
.description("modify HTTP headers before reaching origin")
.kind("zone")
.phase("http_request_late_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.headers(
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-1")
.operation("set")
.value("my-http-header-value-1")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-2")
.operation("set")
.expression("cf.zone.name")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-3-to-remove")
.operation("remove")
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("example request header transform rule")
.enabled(false)
.build())
.build());
// HTTP rate limit for an API route
var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("restrict API requests count")
.description("apply HTTP rate limiting for a route")
.kind("zone")
.phase("http_ratelimit")
.rules(RulesetRuleArgs.builder()
.action("block")
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics(
"cf.colo.id",
"ip.src")
.period(60)
.requestsPerPeriod(100)
.mitigationTimeout(600)
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("rate limit for API")
.enabled(true)
.build())
.build());
// Change origin for an API route
var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Change to some origin")
.description("Change origin for a route")
.kind("zone")
.phase("http_request_origin")
.rules(RulesetRuleArgs.builder()
.action("route")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.hostHeader("some.host")
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("some.host")
.port(80)
.build())
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("change origin to some.host")
.enabled(true)
.build())
.build());
// Custom fields logging
var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("log custom fields")
.description("add custom fields to logging")
.kind("zone")
.phase("http_log_custom_fields")
.rules(RulesetRuleArgs.builder()
.action("log_custom_field")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.requestFields(
"content-type",
"x-forwarded-for",
"host")
.responseFields(
"server",
"content-type",
"allow")
.cookieFields(
"__ga",
"accountNumber",
"__cfruid")
.build())
.expression("(http.host eq \"example.host.com\")")
.description("log custom fields rule")
.enabled(true)
.build())
.build());
// Custom cache keys + settings
var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("set cache settings")
.description("set cache settings for the request")
.kind("zone")
.phase("http_request_cache_settings")
.rules(RulesetRuleArgs.builder()
.action("set_cache_settings")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.mode("override_origin")
.default_(60)
.statusCodeTtls(
RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.statusCode(200)
.value(50)
.build(),
RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.statusCodeRange(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.value(30)
.build())
.build())
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("respect_origin")
.build())
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(true)
.build())
.respectStrongEtags(true)
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.ignoreQueryStringsOrder(false)
.cacheDeceptionArmor(true)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.excludes("*")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.includes(
"habc",
"hdef")
.checkPresences(
"habc_t",
"hdef_t")
.excludeOrigin(true)
.build())
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.includes(
"cabc",
"cdef")
.checkPresences(
"cabc_t",
"cdef_t")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(true)
.geo(false)
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(true)
.build())
.build())
.build())
.originErrorPagePassthru(false)
.build())
.expression("(http.host eq \"example.host.com\")")
.description("set cache settings rule")
.enabled(true)
.build())
.build());
// Redirects based on a List resource
var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("redirects")
.description("Redirect ruleset")
.kind("root")
.phase("http_request_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.name("redirect_list")
.key("http.request.full_uri")
.build())
.build())
.expression("http.request.full_uri in $redirect_list")
.description("Apply redirects from redirect_list")
.enabled(true)
.build())
.build());
// Dynamic Redirects from value resource
var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("redirects")
.description("Redirect ruleset")
.kind("zone")
.phase("http_request_dynamic_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.statusCode(301)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.value("some_host.com")
.build())
.preserveQueryString(true)
.build())
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("Apply redirect from value")
.enabled(true)
.build())
.build());
// Serve some custom error response
var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Serve some error response")
.description("Serve some error response")
.kind("zone")
.phase("http_custom_errors")
.rules(RulesetRuleArgs.builder()
.action("serve_error")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.content("some error html")
.contentType("text/html")
.statusCode("530")
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("serve some error response")
.enabled(true)
.build())
.build());
// Set Configuration Rules for an API route
var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("set config rules")
.description("set config rules for request")
.kind("zone")
.phase("http_config_settings")
.rules(RulesetRuleArgs.builder()
.action("set_config")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.emailObfuscation(true)
.bic(true)
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("set config rules for matching request")
.enabled(true)
.build())
.build());
// Set compress algorithm for response.
var responseCompressBrotliHtml = new Ruleset("responseCompressBrotliHtml", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Brotli response compression for HTML")
.description("Response compression ruleset")
.kind("zone")
.phase("http_response_compression")
.rules(RulesetRuleArgs.builder()
.action("compress_response")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.algorithms(
RulesetRuleActionParametersAlgorithmArgs.builder()
.name("brotli")
.build(),
RulesetRuleActionParametersAlgorithmArgs.builder()
.name("auto")
.build())
.build())
.expression("http.response.content_type.media_type == \"text/html\"")
.description("Prefer brotli compression for HTML")
.enabled(true)
.build())
.build());
}
}
resources:
# Magic Transit
magicTransitExample:
type: cloudflare:Ruleset
name: magic_transit_example
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: account magic transit
description: example magic transit ruleset description
kind: root
phase: magic_transit
rules:
- action: allow
expression: tcp.dstport in { 32768..65535 }
description: Allow TCP Ephemeral Ports
# Zone-level WAF Managed Ruleset
zoneLevelManagedWaf:
type: cloudflare:Ruleset
name: zone_level_managed_waf
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: managed WAF
description: managed WAF ruleset description
kind: zone
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
expression: (http.host eq "example.host.com")
description: Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset
enabled: true
# Zone-level WAF with tag-based overrides
zoneLevelManagedWafWithCategoryBasedOverrides:
type: cloudflare:Ruleset
name: zone_level_managed_waf_with_category_based_overrides
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: managed WAF with tag-based overrides
description: managed WAF with tag-based overrides ruleset description
kind: zone
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
overrides:
categories:
- category: wordpress
action: block
enabled: true
- category: joomla
action: block
enabled: true
expression: (http.host eq "example.host.com")
description: overrides to only enable wordpress rules to block
enabled: false
# Rewrite the URI path component to a static path
transformUriRulePath:
type: cloudflare:Ruleset
name: transform_uri_rule_path
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for URI path
description: change the URI path to a new static path
kind: zone
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
path:
value: /my-new-route
expression: (http.host eq "example.com" and http.request.uri.path eq "/old-path")
description: example URI path transform rule
enabled: true
# Rewrite the URI query component to a static query
transformUriRuleQuery:
type: cloudflare:Ruleset
name: transform_uri_rule_query
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for URI query parameter
description: change the URI query to a new static query
kind: zone
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
query:
value: old=new_again
expression: (http.host eq "example.host.com")
description: URI transformation query example
enabled: true
# Rewrite HTTP headers to a modified values
transformUriHttpHeaders:
type: cloudflare:Ruleset
name: transform_uri_http_headers
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for HTTP headers
description: modify HTTP headers before reaching origin
kind: zone
phase: http_request_late_transform
rules:
- action: rewrite
actionParameters:
headers:
- name: example-http-header-1
operation: set
value: my-http-header-value-1
- name: example-http-header-2
operation: set
expression: cf.zone.name
- name: example-http-header-3-to-remove
operation: remove
expression: (http.host eq "example.host.com")
description: example request header transform rule
enabled: false
# HTTP rate limit for an API route
rateLimitingExample:
type: cloudflare:Ruleset
name: rate_limiting_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: restrict API requests count
description: apply HTTP rate limiting for a route
kind: zone
phase: http_ratelimit
rules:
- action: block
ratelimit:
characteristics:
- cf.colo.id
- ip.src
period: 60
requestsPerPeriod: 100
mitigationTimeout: 600
expression: (http.request.uri.path matches "^/api/")
description: rate limit for API
enabled: true
# Change origin for an API route
httpOriginExample:
type: cloudflare:Ruleset
name: http_origin_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Change to some origin
description: Change origin for a route
kind: zone
phase: http_request_origin
rules:
- action: route
actionParameters:
hostHeader: some.host
origin:
host: some.host
port: 80
expression: (http.request.uri.path matches "^/api/")
description: change origin to some.host
enabled: true
# Custom fields logging
customFieldsLoggingExample:
type: cloudflare:Ruleset
name: custom_fields_logging_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: log custom fields
description: add custom fields to logging
kind: zone
phase: http_log_custom_fields
rules:
- action: log_custom_field
actionParameters:
requestFields:
- content-type
- x-forwarded-for
- host
responseFields:
- server
- content-type
- allow
cookieFields:
- __ga
- accountNumber
- __cfruid
expression: (http.host eq "example.host.com")
description: log custom fields rule
enabled: true
# Custom cache keys + settings
cacheSettingsExample:
type: cloudflare:Ruleset
name: cache_settings_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: set cache settings
description: set cache settings for the request
kind: zone
phase: http_request_cache_settings
rules:
- action: set_cache_settings
actionParameters:
edgeTtl:
mode: override_origin
default: 60
statusCodeTtls:
- statusCode: 200
value: 50
- statusCodeRange:
from: 201
to: 300
value: 30
browserTtl:
mode: respect_origin
serveStale:
disableStaleWhileUpdating: true
respectStrongEtags: true
cacheKey:
ignoreQueryStringsOrder: false
cacheDeceptionArmor: true
customKey:
queryString:
excludes:
- '*'
header:
includes:
- habc
- hdef
checkPresences:
- habc_t
- hdef_t
excludeOrigin: true
cookie:
includes:
- cabc
- cdef
checkPresences:
- cabc_t
- cdef_t
user:
deviceType: true
geo: false
host:
resolved: true
originErrorPagePassthru: false
expression: (http.host eq "example.host.com")
description: set cache settings rule
enabled: true
# Redirects based on a List resource
redirectFromListExample:
type: cloudflare:Ruleset
name: redirect_from_list_example
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: redirects
description: Redirect ruleset
kind: root
phase: http_request_redirect
rules:
- action: redirect
actionParameters:
fromList:
name: redirect_list
key: http.request.full_uri
expression: http.request.full_uri in $redirect_list
description: Apply redirects from redirect_list
enabled: true
# Dynamic Redirects from value resource
redirectFromValueExample:
type: cloudflare:Ruleset
name: redirect_from_value_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: redirects
description: Redirect ruleset
kind: zone
phase: http_request_dynamic_redirect
rules:
- action: redirect
actionParameters:
fromValue:
statusCode: 301
targetUrl:
value: some_host.com
preserveQueryString: true
expression: (http.request.uri.path matches "^/api/")
description: Apply redirect from value
enabled: true
# Serve some custom error response
httpCustomErrorExample:
type: cloudflare:Ruleset
name: http_custom_error_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Serve some error response
description: Serve some error response
kind: zone
phase: http_custom_errors
rules:
- action: serve_error
actionParameters:
content: some error html
contentType: text/html
statusCode: '530'
expression: (http.request.uri.path matches "^/api/")
description: serve some error response
enabled: true
# Set Configuration Rules for an API route
httpConfigRulesExample:
type: cloudflare:Ruleset
name: http_config_rules_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: set config rules
description: set config rules for request
kind: zone
phase: http_config_settings
rules:
- action: set_config
actionParameters:
emailObfuscation: true
bic: true
expression: (http.request.uri.path matches "^/api/")
description: set config rules for matching request
enabled: true
# Set compress algorithm for response.
responseCompressBrotliHtml:
type: cloudflare:Ruleset
name: response_compress_brotli_html
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Brotli response compression for HTML
description: Response compression ruleset
kind: zone
phase: http_response_compression
rules:
- action: compress_response
actionParameters:
algorithms:
- name: brotli
- name: auto
expression: http.response.content_type.media_type == "text/html"
description: Prefer brotli compression for HTML
enabled: true
Create Ruleset Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Ruleset(name: string, args: RulesetArgs, opts?: CustomResourceOptions);@overload
def Ruleset(resource_name: str,
args: RulesetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Ruleset(resource_name: str,
opts: Optional[ResourceOptions] = None,
kind: Optional[str] = None,
name: Optional[str] = None,
phase: Optional[str] = None,
account_id: Optional[str] = None,
description: Optional[str] = None,
rules: Optional[Sequence[RulesetRuleArgs]] = None,
zone_id: Optional[str] = None)func NewRuleset(ctx *Context, name string, args RulesetArgs, opts ...ResourceOption) (*Ruleset, error)public Ruleset(string name, RulesetArgs args, CustomResourceOptions? opts = null)
public Ruleset(String name, RulesetArgs args)
public Ruleset(String name, RulesetArgs args, CustomResourceOptions options)
type: cloudflare:Ruleset
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var rulesetResource = new Cloudflare.Ruleset("rulesetResource", new()
{
Kind = "string",
Name = "string",
Phase = "string",
AccountId = "string",
Description = "string",
Rules = new[]
{
new Cloudflare.Inputs.RulesetRuleArgs
{
Expression = "string",
Action = "string",
ActionParameters = new Cloudflare.Inputs.RulesetRuleActionParametersArgs
{
AdditionalCacheablePorts = new[]
{
0,
},
Algorithms = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersAlgorithmArgs
{
Name = "string",
},
},
AutomaticHttpsRewrites = false,
Autominifies = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersAutominifyArgs
{
Css = false,
Html = false,
Js = false,
},
},
Bic = false,
BrowserTtl = new Cloudflare.Inputs.RulesetRuleActionParametersBrowserTtlArgs
{
Mode = "string",
Default = 0,
},
Cache = false,
CacheKey = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyArgs
{
CacheByDeviceType = false,
CacheDeceptionArmor = false,
CustomKey = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs
{
Cookie = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs
{
CheckPresences = new[]
{
"string",
},
Includes = new[]
{
"string",
},
},
Header = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs
{
CheckPresences = new[]
{
"string",
},
ExcludeOrigin = false,
Includes = new[]
{
"string",
},
},
Host = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs
{
Resolved = false,
},
QueryString = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs
{
Excludes = new[]
{
"string",
},
Includes = new[]
{
"string",
},
},
User = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs
{
DeviceType = false,
Geo = false,
Lang = false,
},
},
IgnoreQueryStringsOrder = false,
},
Content = "string",
ContentType = "string",
CookieFields = new[]
{
"string",
},
DisableApps = false,
DisableRailgun = false,
DisableRum = false,
DisableZaraz = false,
EdgeTtl = new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlArgs
{
Mode = "string",
Default = 0,
StatusCodeTtls = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs
{
StatusCode = 0,
StatusCodeRanges = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs
{
From = 0,
To = 0,
},
},
Value = 0,
},
},
},
EmailObfuscation = false,
Fonts = false,
FromList = new Cloudflare.Inputs.RulesetRuleActionParametersFromListArgs
{
Key = "string",
Name = "string",
},
FromValue = new Cloudflare.Inputs.RulesetRuleActionParametersFromValueArgs
{
PreserveQueryString = false,
StatusCode = 0,
TargetUrl = new Cloudflare.Inputs.RulesetRuleActionParametersFromValueTargetUrlArgs
{
Expression = "string",
Value = "string",
},
},
Headers = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersHeaderArgs
{
Expression = "string",
Name = "string",
Operation = "string",
Value = "string",
},
},
HostHeader = "string",
HotlinkProtection = false,
Id = "string",
Increment = 0,
MatchedData = new Cloudflare.Inputs.RulesetRuleActionParametersMatchedDataArgs
{
PublicKey = "string",
},
Mirage = false,
OpportunisticEncryption = false,
Origin = new Cloudflare.Inputs.RulesetRuleActionParametersOriginArgs
{
Host = "string",
Port = 0,
},
OriginCacheControl = false,
OriginErrorPagePassthru = false,
Overrides = new Cloudflare.Inputs.RulesetRuleActionParametersOverridesArgs
{
Action = "string",
Categories = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersOverridesCategoryArgs
{
Action = "string",
Category = "string",
Enabled = false,
},
},
Enabled = false,
Rules = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersOverridesRuleArgs
{
Action = "string",
Enabled = false,
Id = "string",
ScoreThreshold = 0,
SensitivityLevel = "string",
},
},
SensitivityLevel = "string",
},
Phases = new[]
{
"string",
},
Polish = "string",
Products = new[]
{
"string",
},
ReadTimeout = 0,
RequestFields = new[]
{
"string",
},
RespectStrongEtags = false,
ResponseFields = new[]
{
"string",
},
Responses = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersResponseArgs
{
Content = "string",
ContentType = "string",
StatusCode = 0,
},
},
RocketLoader = false,
Rules =
{
{ "string", "string" },
},
Ruleset = "string",
Rulesets = new[]
{
"string",
},
SecurityLevel = "string",
ServeStale = new Cloudflare.Inputs.RulesetRuleActionParametersServeStaleArgs
{
DisableStaleWhileUpdating = false,
},
ServerSideExcludes = false,
Sni = new Cloudflare.Inputs.RulesetRuleActionParametersSniArgs
{
Value = "string",
},
Ssl = "string",
StatusCode = 0,
Sxg = false,
Uri = new Cloudflare.Inputs.RulesetRuleActionParametersUriArgs
{
Origin = false,
Path = new Cloudflare.Inputs.RulesetRuleActionParametersUriPathArgs
{
Expression = "string",
Value = "string",
},
Query = new Cloudflare.Inputs.RulesetRuleActionParametersUriQueryArgs
{
Expression = "string",
Value = "string",
},
},
Version = "string",
},
Description = "string",
Enabled = false,
ExposedCredentialCheck = new Cloudflare.Inputs.RulesetRuleExposedCredentialCheckArgs
{
PasswordExpression = "string",
UsernameExpression = "string",
},
Id = "string",
LastUpdated = "string",
Logging = new Cloudflare.Inputs.RulesetRuleLoggingArgs
{
Enabled = false,
},
Ratelimit = new Cloudflare.Inputs.RulesetRuleRatelimitArgs
{
Characteristics = new[]
{
"string",
},
CountingExpression = "string",
MitigationTimeout = 0,
Period = 0,
RequestsPerPeriod = 0,
RequestsToOrigin = false,
ScorePerPeriod = 0,
ScoreResponseHeaderName = "string",
},
Ref = "string",
Version = "string",
},
},
ZoneId = "string",
});
example, err := cloudflare.NewRuleset(ctx, "rulesetResource", &cloudflare.RulesetArgs{
Kind: pulumi.String("string"),
Name: pulumi.String("string"),
Phase: pulumi.String("string"),
AccountId: pulumi.String("string"),
Description: pulumi.String("string"),
Rules: cloudflare.RulesetRuleArray{
&cloudflare.RulesetRuleArgs{
Expression: pulumi.String("string"),
Action: pulumi.String("string"),
ActionParameters: &cloudflare.RulesetRuleActionParametersArgs{
AdditionalCacheablePorts: pulumi.IntArray{
pulumi.Int(0),
},
Algorithms: cloudflare.RulesetRuleActionParametersAlgorithmArray{
&cloudflare.RulesetRuleActionParametersAlgorithmArgs{
Name: pulumi.String("string"),
},
},
AutomaticHttpsRewrites: pulumi.Bool(false),
Autominifies: cloudflare.RulesetRuleActionParametersAutominifyArray{
&cloudflare.RulesetRuleActionParametersAutominifyArgs{
Css: pulumi.Bool(false),
Html: pulumi.Bool(false),
Js: pulumi.Bool(false),
},
},
Bic: pulumi.Bool(false),
BrowserTtl: &cloudflare.RulesetRuleActionParametersBrowserTtlArgs{
Mode: pulumi.String("string"),
Default: pulumi.Int(0),
},
Cache: pulumi.Bool(false),
CacheKey: &cloudflare.RulesetRuleActionParametersCacheKeyArgs{
CacheByDeviceType: pulumi.Bool(false),
CacheDeceptionArmor: pulumi.Bool(false),
CustomKey: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyArgs{
Cookie: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs{
CheckPresences: pulumi.StringArray{
pulumi.String("string"),
},
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
Header: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs{
CheckPresences: pulumi.StringArray{
pulumi.String("string"),
},
ExcludeOrigin: pulumi.Bool(false),
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
Host: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs{
Resolved: pulumi.Bool(false),
},
QueryString: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs{
Excludes: pulumi.StringArray{
pulumi.String("string"),
},
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
User: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs{
DeviceType: pulumi.Bool(false),
Geo: pulumi.Bool(false),
Lang: pulumi.Bool(false),
},
},
IgnoreQueryStringsOrder: pulumi.Bool(false),
},
Content: pulumi.String("string"),
ContentType: pulumi.String("string"),
CookieFields: pulumi.StringArray{
pulumi.String("string"),
},
DisableApps: pulumi.Bool(false),
DisableRailgun: pulumi.Bool(false),
DisableRum: pulumi.Bool(false),
DisableZaraz: pulumi.Bool(false),
EdgeTtl: &cloudflare.RulesetRuleActionParametersEdgeTtlArgs{
Mode: pulumi.String("string"),
Default: pulumi.Int(0),
StatusCodeTtls: cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArray{
&cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs{
StatusCode: pulumi.Int(0),
StatusCodeRanges: cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArray{
&cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs{
From: pulumi.Int(0),
To: pulumi.Int(0),
},
},
Value: pulumi.Int(0),
},
},
},
EmailObfuscation: pulumi.Bool(false),
Fonts: pulumi.Bool(false),
FromList: &cloudflare.RulesetRuleActionParametersFromListArgs{
Key: pulumi.String("string"),
Name: pulumi.String("string"),
},
FromValue: &cloudflare.RulesetRuleActionParametersFromValueArgs{
PreserveQueryString: pulumi.Bool(false),
StatusCode: pulumi.Int(0),
TargetUrl: &cloudflare.RulesetRuleActionParametersFromValueTargetUrlArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Headers: cloudflare.RulesetRuleActionParametersHeaderArray{
&cloudflare.RulesetRuleActionParametersHeaderArgs{
Expression: pulumi.String("string"),
Name: pulumi.String("string"),
Operation: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
HostHeader: pulumi.String("string"),
HotlinkProtection: pulumi.Bool(false),
Id: pulumi.String("string"),
Increment: pulumi.Int(0),
MatchedData: &cloudflare.RulesetRuleActionParametersMatchedDataArgs{
PublicKey: pulumi.String("string"),
},
Mirage: pulumi.Bool(false),
OpportunisticEncryption: pulumi.Bool(false),
Origin: &cloudflare.RulesetRuleActionParametersOriginArgs{
Host: pulumi.String("string"),
Port: pulumi.Int(0),
},
OriginCacheControl: pulumi.Bool(false),
OriginErrorPagePassthru: pulumi.Bool(false),
Overrides: &cloudflare.RulesetRuleActionParametersOverridesArgs{
Action: pulumi.String("string"),
Categories: cloudflare.RulesetRuleActionParametersOverridesCategoryArray{
&cloudflare.RulesetRuleActionParametersOverridesCategoryArgs{
Action: pulumi.String("string"),
Category: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
Enabled: pulumi.Bool(false),
Rules: cloudflare.RulesetRuleActionParametersOverridesRuleArray{
&cloudflare.RulesetRuleActionParametersOverridesRuleArgs{
Action: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Id: pulumi.String("string"),
ScoreThreshold: pulumi.Int(0),
SensitivityLevel: pulumi.String("string"),
},
},
SensitivityLevel: pulumi.String("string"),
},
Phases: pulumi.StringArray{
pulumi.String("string"),
},
Polish: pulumi.String("string"),
Products: pulumi.StringArray{
pulumi.String("string"),
},
ReadTimeout: pulumi.Int(0),
RequestFields: pulumi.StringArray{
pulumi.String("string"),
},
RespectStrongEtags: pulumi.Bool(false),
ResponseFields: pulumi.StringArray{
pulumi.String("string"),
},
Responses: cloudflare.RulesetRuleActionParametersResponseArray{
&cloudflare.RulesetRuleActionParametersResponseArgs{
Content: pulumi.String("string"),
ContentType: pulumi.String("string"),
StatusCode: pulumi.Int(0),
},
},
RocketLoader: pulumi.Bool(false),
Rules: pulumi.StringMap{
"string": pulumi.String("string"),
},
Ruleset: pulumi.String("string"),
Rulesets: pulumi.StringArray{
pulumi.String("string"),
},
SecurityLevel: pulumi.String("string"),
ServeStale: &cloudflare.RulesetRuleActionParametersServeStaleArgs{
DisableStaleWhileUpdating: pulumi.Bool(false),
},
ServerSideExcludes: pulumi.Bool(false),
Sni: &cloudflare.RulesetRuleActionParametersSniArgs{
Value: pulumi.String("string"),
},
Ssl: pulumi.String("string"),
StatusCode: pulumi.Int(0),
Sxg: pulumi.Bool(false),
Uri: &cloudflare.RulesetRuleActionParametersUriArgs{
Origin: pulumi.Bool(false),
Path: &cloudflare.RulesetRuleActionParametersUriPathArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
Query: &cloudflare.RulesetRuleActionParametersUriQueryArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Version: pulumi.String("string"),
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExposedCredentialCheck: &cloudflare.RulesetRuleExposedCredentialCheckArgs{
PasswordExpression: pulumi.String("string"),
UsernameExpression: pulumi.String("string"),
},
Id: pulumi.String("string"),
LastUpdated: pulumi.String("string"),
Logging: &cloudflare.RulesetRuleLoggingArgs{
Enabled: pulumi.Bool(false),
},
Ratelimit: &cloudflare.RulesetRuleRatelimitArgs{
Characteristics: pulumi.StringArray{
pulumi.String("string"),
},
CountingExpression: pulumi.String("string"),
MitigationTimeout: pulumi.Int(0),
Period: pulumi.Int(0),
RequestsPerPeriod: pulumi.Int(0),
RequestsToOrigin: pulumi.Bool(false),
ScorePerPeriod: pulumi.Int(0),
ScoreResponseHeaderName: pulumi.String("string"),
},
Ref: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
ZoneId: pulumi.String("string"),
})
var rulesetResource = new Ruleset("rulesetResource", RulesetArgs.builder()
.kind("string")
.name("string")
.phase("string")
.accountId("string")
.description("string")
.rules(RulesetRuleArgs.builder()
.expression("string")
.action("string")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.additionalCacheablePorts(0)
.algorithms(RulesetRuleActionParametersAlgorithmArgs.builder()
.name("string")
.build())
.automaticHttpsRewrites(false)
.autominifies(RulesetRuleActionParametersAutominifyArgs.builder()
.css(false)
.html(false)
.js(false)
.build())
.bic(false)
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("string")
.default_(0)
.build())
.cache(false)
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.cacheByDeviceType(false)
.cacheDeceptionArmor(false)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.checkPresences("string")
.includes("string")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.checkPresences("string")
.excludeOrigin(false)
.includes("string")
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(false)
.build())
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.excludes("string")
.includes("string")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(false)
.geo(false)
.lang(false)
.build())
.build())
.ignoreQueryStringsOrder(false)
.build())
.content("string")
.contentType("string")
.cookieFields("string")
.disableApps(false)
.disableRailgun(false)
.disableRum(false)
.disableZaraz(false)
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.mode("string")
.default_(0)
.statusCodeTtls(RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.statusCode(0)
.statusCodeRanges(RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs.builder()
.from(0)
.to(0)
.build())
.value(0)
.build())
.build())
.emailObfuscation(false)
.fonts(false)
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.key("string")
.name("string")
.build())
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.preserveQueryString(false)
.statusCode(0)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.expression("string")
.value("string")
.build())
.build())
.headers(RulesetRuleActionParametersHeaderArgs.builder()
.expression("string")
.name("string")
.operation("string")
.value("string")
.build())
.hostHeader("string")
.hotlinkProtection(false)
.id("string")
.increment(0)
.matchedData(RulesetRuleActionParametersMatchedDataArgs.builder()
.publicKey("string")
.build())
.mirage(false)
.opportunisticEncryption(false)
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("string")
.port(0)
.build())
.originCacheControl(false)
.originErrorPagePassthru(false)
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.action("string")
.categories(RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("string")
.category("string")
.enabled(false)
.build())
.enabled(false)
.rules(RulesetRuleActionParametersOverridesRuleArgs.builder()
.action("string")
.enabled(false)
.id("string")
.scoreThreshold(0)
.sensitivityLevel("string")
.build())
.sensitivityLevel("string")
.build())
.phases("string")
.polish("string")
.products("string")
.readTimeout(0)
.requestFields("string")
.respectStrongEtags(false)
.responseFields("string")
.responses(RulesetRuleActionParametersResponseArgs.builder()
.content("string")
.contentType("string")
.statusCode(0)
.build())
.rocketLoader(false)
.rules(Map.of("string", "string"))
.ruleset("string")
.rulesets("string")
.securityLevel("string")
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(false)
.build())
.serverSideExcludes(false)
.sni(RulesetRuleActionParametersSniArgs.builder()
.value("string")
.build())
.ssl("string")
.statusCode(0)
.sxg(false)
.uri(RulesetRuleActionParametersUriArgs.builder()
.origin(false)
.path(RulesetRuleActionParametersUriPathArgs.builder()
.expression("string")
.value("string")
.build())
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.expression("string")
.value("string")
.build())
.build())
.version("string")
.build())
.description("string")
.enabled(false)
.exposedCredentialCheck(RulesetRuleExposedCredentialCheckArgs.builder()
.passwordExpression("string")
.usernameExpression("string")
.build())
.id("string")
.lastUpdated("string")
.logging(RulesetRuleLoggingArgs.builder()
.enabled(false)
.build())
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics("string")
.countingExpression("string")
.mitigationTimeout(0)
.period(0)
.requestsPerPeriod(0)
.requestsToOrigin(false)
.scorePerPeriod(0)
.scoreResponseHeaderName("string")
.build())
.ref("string")
.version("string")
.build())
.zoneId("string")
.build());
ruleset_resource = cloudflare.Ruleset("rulesetResource",
kind="string",
name="string",
phase="string",
account_id="string",
description="string",
rules=[cloudflare.RulesetRuleArgs(
expression="string",
action="string",
action_parameters=cloudflare.RulesetRuleActionParametersArgs(
additional_cacheable_ports=[0],
algorithms=[cloudflare.RulesetRuleActionParametersAlgorithmArgs(
name="string",
)],
automatic_https_rewrites=False,
autominifies=[cloudflare.RulesetRuleActionParametersAutominifyArgs(
css=False,
html=False,
js=False,
)],
bic=False,
browser_ttl=cloudflare.RulesetRuleActionParametersBrowserTtlArgs(
mode="string",
default=0,
),
cache=False,
cache_key=cloudflare.RulesetRuleActionParametersCacheKeyArgs(
cache_by_device_type=False,
cache_deception_armor=False,
custom_key=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyArgs(
cookie=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs(
check_presences=["string"],
includes=["string"],
),
header=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs(
check_presences=["string"],
exclude_origin=False,
includes=["string"],
),
host=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs(
resolved=False,
),
query_string=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs(
excludes=["string"],
includes=["string"],
),
user=cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs(
device_type=False,
geo=False,
lang=False,
),
),
ignore_query_strings_order=False,
),
content="string",
content_type="string",
cookie_fields=["string"],
disable_apps=False,
disable_railgun=False,
disable_rum=False,
disable_zaraz=False,
edge_ttl=cloudflare.RulesetRuleActionParametersEdgeTtlArgs(
mode="string",
default=0,
status_code_ttls=[cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs(
status_code=0,
status_code_ranges=[cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs(
from_=0,
to=0,
)],
value=0,
)],
),
email_obfuscation=False,
fonts=False,
from_list=cloudflare.RulesetRuleActionParametersFromListArgs(
key="string",
name="string",
),
from_value=cloudflare.RulesetRuleActionParametersFromValueArgs(
preserve_query_string=False,
status_code=0,
target_url=cloudflare.RulesetRuleActionParametersFromValueTargetUrlArgs(
expression="string",
value="string",
),
),
headers=[cloudflare.RulesetRuleActionParametersHeaderArgs(
expression="string",
name="string",
operation="string",
value="string",
)],
host_header="string",
hotlink_protection=False,
id="string",
increment=0,
matched_data=cloudflare.RulesetRuleActionParametersMatchedDataArgs(
public_key="string",
),
mirage=False,
opportunistic_encryption=False,
origin=cloudflare.RulesetRuleActionParametersOriginArgs(
host="string",
port=0,
),
origin_cache_control=False,
origin_error_page_passthru=False,
overrides=cloudflare.RulesetRuleActionParametersOverridesArgs(
action="string",
categories=[cloudflare.RulesetRuleActionParametersOverridesCategoryArgs(
action="string",
category="string",
enabled=False,
)],
enabled=False,
rules=[cloudflare.RulesetRuleActionParametersOverridesRuleArgs(
action="string",
enabled=False,
id="string",
score_threshold=0,
sensitivity_level="string",
)],
sensitivity_level="string",
),
phases=["string"],
polish="string",
products=["string"],
read_timeout=0,
request_fields=["string"],
respect_strong_etags=False,
response_fields=["string"],
responses=[cloudflare.RulesetRuleActionParametersResponseArgs(
content="string",
content_type="string",
status_code=0,
)],
rocket_loader=False,
rules={
"string": "string",
},
ruleset="string",
rulesets=["string"],
security_level="string",
serve_stale=cloudflare.RulesetRuleActionParametersServeStaleArgs(
disable_stale_while_updating=False,
),
server_side_excludes=False,
sni=cloudflare.RulesetRuleActionParametersSniArgs(
value="string",
),
ssl="string",
status_code=0,
sxg=False,
uri=cloudflare.RulesetRuleActionParametersUriArgs(
origin=False,
path=cloudflare.RulesetRuleActionParametersUriPathArgs(
expression="string",
value="string",
),
query=cloudflare.RulesetRuleActionParametersUriQueryArgs(
expression="string",
value="string",
),
),
version="string",
),
description="string",
enabled=False,
exposed_credential_check=cloudflare.RulesetRuleExposedCredentialCheckArgs(
password_expression="string",
username_expression="string",
),
id="string",
last_updated="string",
logging=cloudflare.RulesetRuleLoggingArgs(
enabled=False,
),
ratelimit=cloudflare.RulesetRuleRatelimitArgs(
characteristics=["string"],
counting_expression="string",
mitigation_timeout=0,
period=0,
requests_per_period=0,
requests_to_origin=False,
score_per_period=0,
score_response_header_name="string",
),
ref="string",
version="string",
)],
zone_id="string")
const rulesetResource = new cloudflare.Ruleset("rulesetResource", {
kind: "string",
name: "string",
phase: "string",
accountId: "string",
description: "string",
rules: [{
expression: "string",
action: "string",
actionParameters: {
additionalCacheablePorts: [0],
algorithms: [{
name: "string",
}],
automaticHttpsRewrites: false,
autominifies: [{
css: false,
html: false,
js: false,
}],
bic: false,
browserTtl: {
mode: "string",
"default": 0,
},
cache: false,
cacheKey: {
cacheByDeviceType: false,
cacheDeceptionArmor: false,
customKey: {
cookie: {
checkPresences: ["string"],
includes: ["string"],
},
header: {
checkPresences: ["string"],
excludeOrigin: false,
includes: ["string"],
},
host: {
resolved: false,
},
queryString: {
excludes: ["string"],
includes: ["string"],
},
user: {
deviceType: false,
geo: false,
lang: false,
},
},
ignoreQueryStringsOrder: false,
},
content: "string",
contentType: "string",
cookieFields: ["string"],
disableApps: false,
disableRailgun: false,
disableRum: false,
disableZaraz: false,
edgeTtl: {
mode: "string",
"default": 0,
statusCodeTtls: [{
statusCode: 0,
statusCodeRanges: [{
from: 0,
to: 0,
}],
value: 0,
}],
},
emailObfuscation: false,
fonts: false,
fromList: {
key: "string",
name: "string",
},
fromValue: {
preserveQueryString: false,
statusCode: 0,
targetUrl: {
expression: "string",
value: "string",
},
},
headers: [{
expression: "string",
name: "string",
operation: "string",
value: "string",
}],
hostHeader: "string",
hotlinkProtection: false,
id: "string",
increment: 0,
matchedData: {
publicKey: "string",
},
mirage: false,
opportunisticEncryption: false,
origin: {
host: "string",
port: 0,
},
originCacheControl: false,
originErrorPagePassthru: false,
overrides: {
action: "string",
categories: [{
action: "string",
category: "string",
enabled: false,
}],
enabled: false,
rules: [{
action: "string",
enabled: false,
id: "string",
scoreThreshold: 0,
sensitivityLevel: "string",
}],
sensitivityLevel: "string",
},
phases: ["string"],
polish: "string",
products: ["string"],
readTimeout: 0,
requestFields: ["string"],
respectStrongEtags: false,
responseFields: ["string"],
responses: [{
content: "string",
contentType: "string",
statusCode: 0,
}],
rocketLoader: false,
rules: {
string: "string",
},
ruleset: "string",
rulesets: ["string"],
securityLevel: "string",
serveStale: {
disableStaleWhileUpdating: false,
},
serverSideExcludes: false,
sni: {
value: "string",
},
ssl: "string",
statusCode: 0,
sxg: false,
uri: {
origin: false,
path: {
expression: "string",
value: "string",
},
query: {
expression: "string",
value: "string",
},
},
version: "string",
},
description: "string",
enabled: false,
exposedCredentialCheck: {
passwordExpression: "string",
usernameExpression: "string",
},
id: "string",
lastUpdated: "string",
logging: {
enabled: false,
},
ratelimit: {
characteristics: ["string"],
countingExpression: "string",
mitigationTimeout: 0,
period: 0,
requestsPerPeriod: 0,
requestsToOrigin: false,
scorePerPeriod: 0,
scoreResponseHeaderName: "string",
},
ref: "string",
version: "string",
}],
zoneId: "string",
});
type: cloudflare:Ruleset
properties:
accountId: string
description: string
kind: string
name: string
phase: string
rules:
- action: string
actionParameters:
additionalCacheablePorts:
- 0
algorithms:
- name: string
automaticHttpsRewrites: false
autominifies:
- css: false
html: false
js: false
bic: false
browserTtl:
default: 0
mode: string
cache: false
cacheKey:
cacheByDeviceType: false
cacheDeceptionArmor: false
customKey:
cookie:
checkPresences:
- string
includes:
- string
header:
checkPresences:
- string
excludeOrigin: false
includes:
- string
host:
resolved: false
queryString:
excludes:
- string
includes:
- string
user:
deviceType: false
geo: false
lang: false
ignoreQueryStringsOrder: false
content: string
contentType: string
cookieFields:
- string
disableApps: false
disableRailgun: false
disableRum: false
disableZaraz: false
edgeTtl:
default: 0
mode: string
statusCodeTtls:
- statusCode: 0
statusCodeRanges:
- from: 0
to: 0
value: 0
emailObfuscation: false
fonts: false
fromList:
key: string
name: string
fromValue:
preserveQueryString: false
statusCode: 0
targetUrl:
expression: string
value: string
headers:
- expression: string
name: string
operation: string
value: string
hostHeader: string
hotlinkProtection: false
id: string
increment: 0
matchedData:
publicKey: string
mirage: false
opportunisticEncryption: false
origin:
host: string
port: 0
originCacheControl: false
originErrorPagePassthru: false
overrides:
action: string
categories:
- action: string
category: string
enabled: false
enabled: false
rules:
- action: string
enabled: false
id: string
scoreThreshold: 0
sensitivityLevel: string
sensitivityLevel: string
phases:
- string
polish: string
products:
- string
readTimeout: 0
requestFields:
- string
respectStrongEtags: false
responseFields:
- string
responses:
- content: string
contentType: string
statusCode: 0
rocketLoader: false
rules:
string: string
ruleset: string
rulesets:
- string
securityLevel: string
serveStale:
disableStaleWhileUpdating: false
serverSideExcludes: false
sni:
value: string
ssl: string
statusCode: 0
sxg: false
uri:
origin: false
path:
expression: string
value: string
query:
expression: string
value: string
version: string
description: string
enabled: false
exposedCredentialCheck:
passwordExpression: string
usernameExpression: string
expression: string
id: string
lastUpdated: string
logging:
enabled: false
ratelimit:
characteristics:
- string
countingExpression: string
mitigationTimeout: 0
period: 0
requestsPerPeriod: 0
requestsToOrigin: false
scorePerPeriod: 0
scoreResponseHeaderName: string
ref: string
version: string
zoneId: string
Ruleset Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Ruleset resource accepts the following input properties:
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - Name string
- Name of the ruleset.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Account
Id string - The account identifier to target for the resource.
- Description string
- Brief summary of the ruleset and its intended use.
- Rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- Zone
Id string - The zone identifier to target for the resource.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - Name string
- Name of the ruleset.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Account
Id string - The account identifier to target for the resource.
- Description string
- Brief summary of the ruleset and its intended use.
- Rules
[]Ruleset
Rule Args - List of rules to apply to the ruleset.
- Zone
Id string - The zone identifier to target for the resource.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name String
- Name of the ruleset.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - account
Id String - The account identifier to target for the resource.
- description String
- Brief summary of the ruleset and its intended use.
- rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- zone
Id String - The zone identifier to target for the resource.
- kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name string
- Name of the ruleset.
- phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - account
Id string - The account identifier to target for the resource.
- description string
- Brief summary of the ruleset and its intended use.
- rules
Ruleset
Rule[] - List of rules to apply to the ruleset.
- zone
Id string - The zone identifier to target for the resource.
- kind str
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name str
- Name of the ruleset.
- phase str
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - account_
id str - The account identifier to target for the resource.
- description str
- Brief summary of the ruleset and its intended use.
- rules
Sequence[Ruleset
Rule Args] - List of rules to apply to the ruleset.
- zone_
id str - The zone identifier to target for the resource.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name String
- Name of the ruleset.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - account
Id String - The account identifier to target for the resource.
- description String
- Brief summary of the ruleset and its intended use.
- rules List<Property Map>
- List of rules to apply to the ruleset.
- zone
Id String - The zone identifier to target for the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Ruleset resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Ruleset Resource
Get an existing Ruleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RulesetState, opts?: CustomResourceOptions): Ruleset@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
description: Optional[str] = None,
kind: Optional[str] = None,
name: Optional[str] = None,
phase: Optional[str] = None,
rules: Optional[Sequence[RulesetRuleArgs]] = None,
zone_id: Optional[str] = None) -> Rulesetfunc GetRuleset(ctx *Context, name string, id IDInput, state *RulesetState, opts ...ResourceOption) (*Ruleset, error)public static Ruleset Get(string name, Input<string> id, RulesetState? state, CustomResourceOptions? opts = null)public static Ruleset get(String name, Output<String> id, RulesetState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource.
- Description string
- Brief summary of the ruleset and its intended use.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - Name string
- Name of the ruleset.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- Zone
Id string - The zone identifier to target for the resource.
- Account
Id string - The account identifier to target for the resource.
- Description string
- Brief summary of the ruleset and its intended use.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - Name string
- Name of the ruleset.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Rules
[]Ruleset
Rule Args - List of rules to apply to the ruleset.
- Zone
Id string - The zone identifier to target for the resource.
- account
Id String - The account identifier to target for the resource.
- description String
- Brief summary of the ruleset and its intended use.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name String
- Name of the ruleset.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- zone
Id String - The zone identifier to target for the resource.
- account
Id string - The account identifier to target for the resource.
- description string
- Brief summary of the ruleset and its intended use.
- kind string
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name string
- Name of the ruleset.
- phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - rules
Ruleset
Rule[] - List of rules to apply to the ruleset.
- zone
Id string - The zone identifier to target for the resource.
- account_
id str - The account identifier to target for the resource.
- description str
- Brief summary of the ruleset and its intended use.
- kind str
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name str
- Name of the ruleset.
- phase str
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - rules
Sequence[Ruleset
Rule Args] - List of rules to apply to the ruleset.
- zone_
id str - The zone identifier to target for the resource.
- account
Id String - The account identifier to target for the resource.
- description String
- Brief summary of the ruleset and its intended use.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,zone. - name String
- Name of the ruleset.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - rules List<Property Map>
- List of rules to apply to the ruleset.
- zone
Id String - The zone identifier to target for the resource.
Supporting Types
RulesetRule, RulesetRuleArgs
- Expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- Description string
- Brief summary of the ruleset rule and its intended use.
- Enabled bool
- Whether the rule is active.
- Exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- Id string
- Unique rule identifier.
- Last
Updated string - The most recent update to this rule.
- Logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs. Only valid for skip action.
- Ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- Ref string
- Rule reference.
- Version string
- Version of the ruleset to deploy.
- Expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- Description string
- Brief summary of the ruleset rule and its intended use.
- Enabled bool
- Whether the rule is active.
- Exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- Id string
- Unique rule identifier.
- Last
Updated string - The most recent update to this rule.
- Logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs. Only valid for skip action.
- Ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- Ref string
- Rule reference.
- Version string
- Version of the ruleset to deploy.
- expression String
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description String
- Brief summary of the ruleset rule and its intended use.
- enabled Boolean
- Whether the rule is active.
- exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id String
- Unique rule identifier.
- last
Updated String - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs. Only valid for skip action.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref String
- Rule reference.
- version String
- Version of the ruleset to deploy.
- expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action string
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description string
- Brief summary of the ruleset rule and its intended use.
- enabled boolean
- Whether the rule is active.
- exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id string
- Unique rule identifier.
- last
Updated string - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs. Only valid for skip action.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref string
- Rule reference.
- version string
- Version of the ruleset to deploy.
- expression str
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action str
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - action_
parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description str
- Brief summary of the ruleset rule and its intended use.
- enabled bool
- Whether the rule is active.
- exposed_
credential_ Rulesetcheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id str
- Unique rule identifier.
- last_
updated str - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs. Only valid for skip action.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref str
- Rule reference.
- version str
- Version of the ruleset to deploy.
- expression String
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - action
Parameters Property Map - List of parameters that configure the behavior of the ruleset rule action.
- description String
- Brief summary of the ruleset rule and its intended use.
- enabled Boolean
- Whether the rule is active.
- exposed
Credential Property MapCheck - List of parameters that configure exposed credential checks.
- id String
- Unique rule identifier.
- last
Updated String - The most recent update to this rule.
- logging Property Map
- List parameters to configure how the rule generates logs. Only valid for skip action.
- ratelimit Property Map
- List of parameters that configure HTTP rate limiting behaviour.
- ref String
- Rule reference.
- version String
- Version of the ruleset to deploy.
RulesetRuleActionParameters, RulesetRuleActionParametersArgs
- Additional
Cacheable List<int>Ports - Specifies uncommon ports to allow cacheable assets to be served from.
- Algorithms
List<Ruleset
Rule Action Parameters Algorithm> - Compression algorithms to use in order of preference.
- Automatic
Https boolRewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- Autominifies
List<Ruleset
Rule Action Parameters Autominify> - Indicate which file extensions to minify automatically.
- Bic bool
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- Browser
Ttl RulesetRule Action Parameters Browser Ttl - List of browser TTL parameters to apply to the request.
- Cache bool
- Whether to cache if expression matches.
- Cache
Key RulesetRule Action Parameters Cache Key - List of cache key parameters to apply to the request.
- Content string
- Content of the custom error response.
- Content
Type string - Content-Type of the custom error response.
- List<string>
- List of cookie values to include as part of custom fields logging.
- Disable
Apps bool - Turn off all active Cloudflare Apps.
- Disable
Railgun bool - Turn off railgun feature of the Cloudflare Speed app.
- Disable
Rum bool - Turn off RUM feature.
- Disable
Zaraz bool - Turn off zaraz feature.
- Edge
Ttl RulesetRule Action Parameters Edge Ttl - List of edge TTL parameters to apply to the request.
- Email
Obfuscation bool - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- Fonts bool
- Toggle fonts.
- From
List RulesetRule Action Parameters From List - Use a list to lookup information for the action.
- From
Value RulesetRule Action Parameters From Value - Use a value to lookup information for the action.
- Headers
List<Ruleset
Rule Action Parameters Header> - List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - Host
Header string - Host Header that request origin receives.
- Hotlink
Protection bool - Turn on or off the hotlink protection feature.
- Id string
- Identifier of the action parameter to modify.
- Increment int
- Matched
Data RulesetRule Action Parameters Matched Data - List of properties to configure WAF payload logging.
- Mirage bool
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- Opportunistic
Encryption bool - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- Origin
Ruleset
Rule Action Parameters Origin - List of properties to change request origin.
- Origin
Cache boolControl - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- Origin
Error boolPage Passthru - Pass-through error page for origin.
- Overrides
Ruleset
Rule Action Parameters Overrides - List of override configurations to apply to the ruleset.
- Phases List<string>
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Polish string
- Apply options from the Polish feature of the Cloudflare Speed app.
- Products List<string>
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - Read
Timeout int - Specifies a maximum timeout for reading content from an origin server.
- Request
Fields List<string> - List of request headers to include as part of custom fields logging, in lowercase.
- bool
- Respect strong ETags.
- Response
Fields List<string> - List of response headers to include as part of custom fields logging, in lowercase.
- Responses
List<Ruleset
Rule Action Parameters Response> - List of parameters that configure the response given to end users.
- Rocket
Loader bool - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- Rules Dictionary<string, string>
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - Ruleset string
- Which ruleset ID to target.
- Rulesets List<string>
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - Security
Level string - Control options for the Security Level feature from the Security app.
- Serve
Stale RulesetRule Action Parameters Serve Stale - List of serve stale parameters to apply to the request.
- Server
Side boolExcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- Sni
Ruleset
Rule Action Parameters Sni - List of properties to manange Server Name Indication.
- Ssl string
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- Status
Code int - HTTP status code of the custom error response.
- Sxg bool
- Turn on or off the SXG feature.
- Uri
Ruleset
Rule Action Parameters Uri - List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- Version string
- Version of the ruleset to deploy.
- Additional
Cacheable []intPorts - Specifies uncommon ports to allow cacheable assets to be served from.
- Algorithms
[]Ruleset
Rule Action Parameters Algorithm - Compression algorithms to use in order of preference.
- Automatic
Https boolRewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- Autominifies
[]Ruleset
Rule Action Parameters Autominify - Indicate which file extensions to minify automatically.
- Bic bool
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- Browser
Ttl RulesetRule Action Parameters Browser Ttl - List of browser TTL parameters to apply to the request.
- Cache bool
- Whether to cache if expression matches.
- Cache
Key RulesetRule Action Parameters Cache Key - List of cache key parameters to apply to the request.
- Content string
- Content of the custom error response.
- Content
Type string - Content-Type of the custom error response.
- []string
- List of cookie values to include as part of custom fields logging.
- Disable
Apps bool - Turn off all active Cloudflare Apps.
- Disable
Railgun bool - Turn off railgun feature of the Cloudflare Speed app.
- Disable
Rum bool - Turn off RUM feature.
- Disable
Zaraz bool - Turn off zaraz feature.
- Edge
Ttl RulesetRule Action Parameters Edge Ttl - List of edge TTL parameters to apply to the request.
- Email
Obfuscation bool - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- Fonts bool
- Toggle fonts.
- From
List RulesetRule Action Parameters From List - Use a list to lookup information for the action.
- From
Value RulesetRule Action Parameters From Value - Use a value to lookup information for the action.
- Headers
[]Ruleset
Rule Action Parameters Header - List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - Host
Header string - Host Header that request origin receives.
- Hotlink
Protection bool - Turn on or off the hotlink protection feature.
- Id string
- Identifier of the action parameter to modify.
- Increment int
- Matched
Data RulesetRule Action Parameters Matched Data - List of properties to configure WAF payload logging.
- Mirage bool
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- Opportunistic
Encryption bool - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- Origin
Ruleset
Rule Action Parameters Origin - List of properties to change request origin.
- Origin
Cache boolControl - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- Origin
Error boolPage Passthru - Pass-through error page for origin.
- Overrides
Ruleset
Rule Action Parameters Overrides - List of override configurations to apply to the ruleset.
- Phases []string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - Polish string
- Apply options from the Polish feature of the Cloudflare Speed app.
- Products []string
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - Read
Timeout int - Specifies a maximum timeout for reading content from an origin server.
- Request
Fields []string - List of request headers to include as part of custom fields logging, in lowercase.
- bool
- Respect strong ETags.
- Response
Fields []string - List of response headers to include as part of custom fields logging, in lowercase.
- Responses
[]Ruleset
Rule Action Parameters Response - List of parameters that configure the response given to end users.
- Rocket
Loader bool - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- Rules map[string]string
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - Ruleset string
- Which ruleset ID to target.
- Rulesets []string
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - Security
Level string - Control options for the Security Level feature from the Security app.
- Serve
Stale RulesetRule Action Parameters Serve Stale - List of serve stale parameters to apply to the request.
- Server
Side boolExcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- Sni
Ruleset
Rule Action Parameters Sni - List of properties to manange Server Name Indication.
- Ssl string
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- Status
Code int - HTTP status code of the custom error response.
- Sxg bool
- Turn on or off the SXG feature.
- Uri
Ruleset
Rule Action Parameters Uri - List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- Version string
- Version of the ruleset to deploy.
- additional
Cacheable List<Integer>Ports - Specifies uncommon ports to allow cacheable assets to be served from.
- algorithms
List<Ruleset
Rule Action Parameters Algorithm> - Compression algorithms to use in order of preference.
- automatic
Https BooleanRewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- autominifies
List<Ruleset
Rule Action Parameters Autominify> - Indicate which file extensions to minify automatically.
- bic Boolean
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- browser
Ttl RulesetRule Action Parameters Browser Ttl - List of browser TTL parameters to apply to the request.
- cache Boolean
- Whether to cache if expression matches.
- cache
Key RulesetRule Action Parameters Cache Key - List of cache key parameters to apply to the request.
- content String
- Content of the custom error response.
- content
Type String - Content-Type of the custom error response.
- List<String>
- List of cookie values to include as part of custom fields logging.
- disable
Apps Boolean - Turn off all active Cloudflare Apps.
- disable
Railgun Boolean - Turn off railgun feature of the Cloudflare Speed app.
- disable
Rum Boolean - Turn off RUM feature.
- disable
Zaraz Boolean - Turn off zaraz feature.
- edge
Ttl RulesetRule Action Parameters Edge Ttl - List of edge TTL parameters to apply to the request.
- email
Obfuscation Boolean - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- fonts Boolean
- Toggle fonts.
- from
List RulesetRule Action Parameters From List - Use a list to lookup information for the action.
- from
Value RulesetRule Action Parameters From Value - Use a value to lookup information for the action.
- headers
List<Ruleset
Rule Action Parameters Header> - List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - host
Header String - Host Header that request origin receives.
- hotlink
Protection Boolean - Turn on or off the hotlink protection feature.
- id String
- Identifier of the action parameter to modify.
- increment Integer
- matched
Data RulesetRule Action Parameters Matched Data - List of properties to configure WAF payload logging.
- mirage Boolean
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- opportunistic
Encryption Boolean - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- origin
Ruleset
Rule Action Parameters Origin - List of properties to change request origin.
- origin
Cache BooleanControl - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- origin
Error BooleanPage Passthru - Pass-through error page for origin.
- overrides
Ruleset
Rule Action Parameters Overrides - List of override configurations to apply to the ruleset.
- phases List<String>
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - polish String
- Apply options from the Polish feature of the Cloudflare Speed app.
- products List<String>
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - read
Timeout Integer - Specifies a maximum timeout for reading content from an origin server.
- request
Fields List<String> - List of request headers to include as part of custom fields logging, in lowercase.
- Boolean
- Respect strong ETags.
- response
Fields List<String> - List of response headers to include as part of custom fields logging, in lowercase.
- responses
List<Ruleset
Rule Action Parameters Response> - List of parameters that configure the response given to end users.
- rocket
Loader Boolean - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- rules Map<String,String>
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - ruleset String
- Which ruleset ID to target.
- rulesets List<String>
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - security
Level String - Control options for the Security Level feature from the Security app.
- serve
Stale RulesetRule Action Parameters Serve Stale - List of serve stale parameters to apply to the request.
- server
Side BooleanExcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- sni
Ruleset
Rule Action Parameters Sni - List of properties to manange Server Name Indication.
- ssl String
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- status
Code Integer - HTTP status code of the custom error response.
- sxg Boolean
- Turn on or off the SXG feature.
- uri
Ruleset
Rule Action Parameters Uri - List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- version String
- Version of the ruleset to deploy.
- additional
Cacheable number[]Ports - Specifies uncommon ports to allow cacheable assets to be served from.
- algorithms
Ruleset
Rule Action Parameters Algorithm[] - Compression algorithms to use in order of preference.
- automatic
Https booleanRewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- autominifies
Ruleset
Rule Action Parameters Autominify[] - Indicate which file extensions to minify automatically.
- bic boolean
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- browser
Ttl RulesetRule Action Parameters Browser Ttl - List of browser TTL parameters to apply to the request.
- cache boolean
- Whether to cache if expression matches.
- cache
Key RulesetRule Action Parameters Cache Key - List of cache key parameters to apply to the request.
- content string
- Content of the custom error response.
- content
Type string - Content-Type of the custom error response.
- string[]
- List of cookie values to include as part of custom fields logging.
- disable
Apps boolean - Turn off all active Cloudflare Apps.
- disable
Railgun boolean - Turn off railgun feature of the Cloudflare Speed app.
- disable
Rum boolean - Turn off RUM feature.
- disable
Zaraz boolean - Turn off zaraz feature.
- edge
Ttl RulesetRule Action Parameters Edge Ttl - List of edge TTL parameters to apply to the request.
- email
Obfuscation boolean - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- fonts boolean
- Toggle fonts.
- from
List RulesetRule Action Parameters From List - Use a list to lookup information for the action.
- from
Value RulesetRule Action Parameters From Value - Use a value to lookup information for the action.
- headers
Ruleset
Rule Action Parameters Header[] - List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - host
Header string - Host Header that request origin receives.
- hotlink
Protection boolean - Turn on or off the hotlink protection feature.
- id string
- Identifier of the action parameter to modify.
- increment number
- matched
Data RulesetRule Action Parameters Matched Data - List of properties to configure WAF payload logging.
- mirage boolean
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- opportunistic
Encryption boolean - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- origin
Ruleset
Rule Action Parameters Origin - List of properties to change request origin.
- origin
Cache booleanControl - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- origin
Error booleanPage Passthru - Pass-through error page for origin.
- overrides
Ruleset
Rule Action Parameters Overrides - List of override configurations to apply to the ruleset.
- phases string[]
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - polish string
- Apply options from the Polish feature of the Cloudflare Speed app.
- products string[]
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - read
Timeout number - Specifies a maximum timeout for reading content from an origin server.
- request
Fields string[] - List of request headers to include as part of custom fields logging, in lowercase.
- boolean
- Respect strong ETags.
- response
Fields string[] - List of response headers to include as part of custom fields logging, in lowercase.
- responses
Ruleset
Rule Action Parameters Response[] - List of parameters that configure the response given to end users.
- rocket
Loader boolean - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- rules {[key: string]: string}
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - ruleset string
- Which ruleset ID to target.
- rulesets string[]
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - security
Level string - Control options for the Security Level feature from the Security app.
- serve
Stale RulesetRule Action Parameters Serve Stale - List of serve stale parameters to apply to the request.
- server
Side booleanExcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- sni
Ruleset
Rule Action Parameters Sni - List of properties to manange Server Name Indication.
- ssl string
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- status
Code number - HTTP status code of the custom error response.
- sxg boolean
- Turn on or off the SXG feature.
- uri
Ruleset
Rule Action Parameters Uri - List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- version string
- Version of the ruleset to deploy.
- additional_
cacheable_ Sequence[int]ports - Specifies uncommon ports to allow cacheable assets to be served from.
- algorithms
Sequence[Ruleset
Rule Action Parameters Algorithm] - Compression algorithms to use in order of preference.
- automatic_
https_ boolrewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- autominifies
Sequence[Ruleset
Rule Action Parameters Autominify] - Indicate which file extensions to minify automatically.
- bic bool
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- browser_
ttl RulesetRule Action Parameters Browser Ttl - List of browser TTL parameters to apply to the request.
- cache bool
- Whether to cache if expression matches.
- cache_
key RulesetRule Action Parameters Cache Key - List of cache key parameters to apply to the request.
- content str
- Content of the custom error response.
- content_
type str - Content-Type of the custom error response.
- Sequence[str]
- List of cookie values to include as part of custom fields logging.
- disable_
apps bool - Turn off all active Cloudflare Apps.
- disable_
railgun bool - Turn off railgun feature of the Cloudflare Speed app.
- disable_
rum bool - Turn off RUM feature.
- disable_
zaraz bool - Turn off zaraz feature.
- edge_
ttl RulesetRule Action Parameters Edge Ttl - List of edge TTL parameters to apply to the request.
- email_
obfuscation bool - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- fonts bool
- Toggle fonts.
- from_
list RulesetRule Action Parameters From List - Use a list to lookup information for the action.
- from_
value RulesetRule Action Parameters From Value - Use a value to lookup information for the action.
- headers
Sequence[Ruleset
Rule Action Parameters Header] - List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - host_
header str - Host Header that request origin receives.
- hotlink_
protection bool - Turn on or off the hotlink protection feature.
- id str
- Identifier of the action parameter to modify.
- increment int
- matched_
data RulesetRule Action Parameters Matched Data - List of properties to configure WAF payload logging.
- mirage bool
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- opportunistic_
encryption bool - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- origin
Ruleset
Rule Action Parameters Origin - List of properties to change request origin.
- origin_
cache_ boolcontrol - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- origin_
error_ boolpage_ passthru - Pass-through error page for origin.
- overrides
Ruleset
Rule Action Parameters Overrides - List of override configurations to apply to the ruleset.
- phases Sequence[str]
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - polish str
- Apply options from the Polish feature of the Cloudflare Speed app.
- products Sequence[str]
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - read_
timeout int - Specifies a maximum timeout for reading content from an origin server.
- request_
fields Sequence[str] - List of request headers to include as part of custom fields logging, in lowercase.
- bool
- Respect strong ETags.
- response_
fields Sequence[str] - List of response headers to include as part of custom fields logging, in lowercase.
- responses
Sequence[Ruleset
Rule Action Parameters Response] - List of parameters that configure the response given to end users.
- rocket_
loader bool - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- rules Mapping[str, str]
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - ruleset str
- Which ruleset ID to target.
- rulesets Sequence[str]
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - security_
level str - Control options for the Security Level feature from the Security app.
- serve_
stale RulesetRule Action Parameters Serve Stale - List of serve stale parameters to apply to the request.
- server_
side_ boolexcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- sni
Ruleset
Rule Action Parameters Sni - List of properties to manange Server Name Indication.
- ssl str
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- status_
code int - HTTP status code of the custom error response.
- sxg bool
- Turn on or off the SXG feature.
- uri
Ruleset
Rule Action Parameters Uri - List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- version str
- Version of the ruleset to deploy.
- additional
Cacheable List<Number>Ports - Specifies uncommon ports to allow cacheable assets to be served from.
- algorithms List<Property Map>
- Compression algorithms to use in order of preference.
- automatic
Https BooleanRewrites - Turn on or off Cloudflare Automatic HTTPS rewrites.
- autominifies List<Property Map>
- Indicate which file extensions to minify automatically.
- bic Boolean
- Inspect the visitor's browser for headers commonly associated with spammers and certain bots.
- browser
Ttl Property Map - List of browser TTL parameters to apply to the request.
- cache Boolean
- Whether to cache if expression matches.
- cache
Key Property Map - List of cache key parameters to apply to the request.
- content String
- Content of the custom error response.
- content
Type String - Content-Type of the custom error response.
- List<String>
- List of cookie values to include as part of custom fields logging.
- disable
Apps Boolean - Turn off all active Cloudflare Apps.
- disable
Railgun Boolean - Turn off railgun feature of the Cloudflare Speed app.
- disable
Rum Boolean - Turn off RUM feature.
- disable
Zaraz Boolean - Turn off zaraz feature.
- edge
Ttl Property Map - List of edge TTL parameters to apply to the request.
- email
Obfuscation Boolean - Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
- fonts Boolean
- Toggle fonts.
- from
List Property Map - Use a list to lookup information for the action.
- from
Value Property Map - Use a value to lookup information for the action.
- headers List<Property Map>
- List of HTTP header modifications to perform in the ruleset rule. Note: Headers are order dependent and must be provided sorted alphabetically ascending based on the
namevalue. - host
Header String - Host Header that request origin receives.
- hotlink
Protection Boolean - Turn on or off the hotlink protection feature.
- id String
- Identifier of the action parameter to modify.
- increment Number
- matched
Data Property Map - List of properties to configure WAF payload logging.
- mirage Boolean
- Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
- opportunistic
Encryption Boolean - Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- origin Property Map
- List of properties to change request origin.
- origin
Cache BooleanControl - Enable or disable the use of a more compliant Cache Control parsing mechanism, enabled by default for most zones.
- origin
Error BooleanPage Passthru - Pass-through error page for origin.
- overrides Property Map
- List of override configurations to apply to the ruleset.
- phases List<String>
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_config_settings,http_custom_errors,http_log_custom_fields,http_ratelimit,http_request_cache_settings,http_request_dynamic_redirect,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_origin,http_request_redirect,http_request_sanitize,http_request_sbfm,http_request_transform,http_response_compression,http_response_firewall_managed,http_response_headers_transform,magic_transit. - polish String
- Apply options from the Polish feature of the Cloudflare Speed app.
- products List<String>
- Products to target with the actions. Available values:
bic,hot,ratelimit,securityLevel,uablock,waf,zonelockdown. - read
Timeout Number - Specifies a maximum timeout for reading content from an origin server.
- request
Fields List<String> - List of request headers to include as part of custom fields logging, in lowercase.
- Boolean
- Respect strong ETags.
- response
Fields List<String> - List of response headers to include as part of custom fields logging, in lowercase.
- responses List<Property Map>
- List of parameters that configure the response given to end users.
- rocket
Loader Boolean - Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.
- rules Map<String>
- Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example:
rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }. - ruleset String
- Which ruleset ID to target.
- rulesets List<String>
- List of managed WAF rule IDs to target. Only valid when the
"action"is set to skip. - security
Level String - Control options for the Security Level feature from the Security app.
- serve
Stale Property Map - List of serve stale parameters to apply to the request.
- server
Side BooleanExcludes - Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
- sni Property Map
- List of properties to manange Server Name Indication.
- ssl String
- Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.
- status
Code Number - HTTP status code of the custom error response.
- sxg Boolean
- Turn on or off the SXG feature.
- uri Property Map
- List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
- version String
- Version of the ruleset to deploy.
RulesetRuleActionParametersAlgorithm, RulesetRuleActionParametersAlgorithmArgs
- Name string
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
- Name string
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
- name String
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
- name string
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
- name str
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
- name String
- Name of the compression algorithm to use. Available values:
gzip,brotli,auto,default,none
RulesetRuleActionParametersAutominify, RulesetRuleActionParametersAutominifyArgs
RulesetRuleActionParametersBrowserTtl, RulesetRuleActionParametersBrowserTtlArgs
RulesetRuleActionParametersCacheKey, RulesetRuleActionParametersCacheKeyArgs
- Cache
By boolDevice Type - Cache by device type.
- Cache
Deception boolArmor - Cache deception armor.
- Custom
Key RulesetRule Action Parameters Cache Key Custom Key - Custom key parameters for the request.
- Ignore
Query boolStrings Order - Ignore query strings order.
- Cache
By boolDevice Type - Cache by device type.
- Cache
Deception boolArmor - Cache deception armor.
- Custom
Key RulesetRule Action Parameters Cache Key Custom Key - Custom key parameters for the request.
- Ignore
Query boolStrings Order - Ignore query strings order.
- cache
By BooleanDevice Type - Cache by device type.
- cache
Deception BooleanArmor - Cache deception armor.
- custom
Key RulesetRule Action Parameters Cache Key Custom Key - Custom key parameters for the request.
- ignore
Query BooleanStrings Order - Ignore query strings order.
- cache
By booleanDevice Type - Cache by device type.
- cache
Deception booleanArmor - Cache deception armor.
- custom
Key RulesetRule Action Parameters Cache Key Custom Key - Custom key parameters for the request.
- ignore
Query booleanStrings Order - Ignore query strings order.
- cache_
by_ booldevice_ type - Cache by device type.
- cache_
deception_ boolarmor - Cache deception armor.
- custom_
key RulesetRule Action Parameters Cache Key Custom Key - Custom key parameters for the request.
- ignore_
query_ boolstrings_ order - Ignore query strings order.
- cache
By BooleanDevice Type - Cache by device type.
- cache
Deception BooleanArmor - Cache deception armor.
- custom
Key Property Map - Custom key parameters for the request.
- ignore
Query BooleanStrings Order - Ignore query strings order.
RulesetRuleActionParametersCacheKeyCustomKey, RulesetRuleActionParametersCacheKeyCustomKeyArgs
-
Ruleset
Rule Action Parameters Cache Key Custom Key Cookie - Cookie parameters for the custom key.
- Header
Ruleset
Rule Action Parameters Cache Key Custom Key Header - Header parameters for the custom key.
- Host
Ruleset
Rule Action Parameters Cache Key Custom Key Host - Host parameters for the custom key.
- Query
String RulesetRule Action Parameters Cache Key Custom Key Query String - Query string parameters for the custom key.
- User
Ruleset
Rule Action Parameters Cache Key Custom Key User - User parameters for the custom key.
-
Ruleset
Rule Action Parameters Cache Key Custom Key Cookie - Cookie parameters for the custom key.
- Header
Ruleset
Rule Action Parameters Cache Key Custom Key Header - Header parameters for the custom key.
- Host
Ruleset
Rule Action Parameters Cache Key Custom Key Host - Host parameters for the custom key.
- Query
String RulesetRule Action Parameters Cache Key Custom Key Query String - Query string parameters for the custom key.
- User
Ruleset
Rule Action Parameters Cache Key Custom Key User - User parameters for the custom key.
-
Ruleset
Rule Action Parameters Cache Key Custom Key Cookie - Cookie parameters for the custom key.
- header
Ruleset
Rule Action Parameters Cache Key Custom Key Header - Header parameters for the custom key.
- host
Ruleset
Rule Action Parameters Cache Key Custom Key Host - Host parameters for the custom key.
- query
String RulesetRule Action Parameters Cache Key Custom Key Query String - Query string parameters for the custom key.
- user
Ruleset
Rule Action Parameters Cache Key Custom Key User - User parameters for the custom key.
-
Ruleset
Rule Action Parameters Cache Key Custom Key Cookie - Cookie parameters for the custom key.
- header
Ruleset
Rule Action Parameters Cache Key Custom Key Header - Header parameters for the custom key.
- host
Ruleset
Rule Action Parameters Cache Key Custom Key Host - Host parameters for the custom key.
- query
String RulesetRule Action Parameters Cache Key Custom Key Query String - Query string parameters for the custom key.
- user
Ruleset
Rule Action Parameters Cache Key Custom Key User - User parameters for the custom key.
-
Ruleset
Rule Action Parameters Cache Key Custom Key Cookie - Cookie parameters for the custom key.
- header
Ruleset
Rule Action Parameters Cache Key Custom Key Header - Header parameters for the custom key.
- host
Ruleset
Rule Action Parameters Cache Key Custom Key Host - Host parameters for the custom key.
- query_
string RulesetRule Action Parameters Cache Key Custom Key Query String - Query string parameters for the custom key.
- user
Ruleset
Rule Action Parameters Cache Key Custom Key User - User parameters for the custom key.
- Property Map
- Cookie parameters for the custom key.
- header Property Map
- Header parameters for the custom key.
- host Property Map
- Host parameters for the custom key.
- query
String Property Map - Query string parameters for the custom key.
- user Property Map
- User parameters for the custom key.
RulesetRuleActionParametersCacheKeyCustomKeyCookie, RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs
- Check
Presences List<string> - List of cookies to check for presence in the custom key.
- Includes List<string>
- List of cookies to include in the custom key.
- Check
Presences []string - List of cookies to check for presence in the custom key.
- Includes []string
- List of cookies to include in the custom key.
- check
Presences List<String> - List of cookies to check for presence in the custom key.
- includes List<String>
- List of cookies to include in the custom key.
- check
Presences string[] - List of cookies to check for presence in the custom key.
- includes string[]
- List of cookies to include in the custom key.
- check_
presences Sequence[str] - List of cookies to check for presence in the custom key.
- includes Sequence[str]
- List of cookies to include in the custom key.
- check
Presences List<String> - List of cookies to check for presence in the custom key.
- includes List<String>
- List of cookies to include in the custom key.
RulesetRuleActionParametersCacheKeyCustomKeyHeader, RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs
- Check
Presences List<string> - List of headers to check for presence in the custom key.
- Exclude
Origin bool - Exclude the origin header from the custom key.
- Includes List<string>
- List of headers to include in the custom key.
- Check
Presences []string - List of headers to check for presence in the custom key.
- Exclude
Origin bool - Exclude the origin header from the custom key.
- Includes []string
- List of headers to include in the custom key.
- check
Presences List<String> - List of headers to check for presence in the custom key.
- exclude
Origin Boolean - Exclude the origin header from the custom key.
- includes List<String>
- List of headers to include in the custom key.
- check
Presences string[] - List of headers to check for presence in the custom key.
- exclude
Origin boolean - Exclude the origin header from the custom key.
- includes string[]
- List of headers to include in the custom key.
- check_
presences Sequence[str] - List of headers to check for presence in the custom key.
- exclude_
origin bool - Exclude the origin header from the custom key.
- includes Sequence[str]
- List of headers to include in the custom key.
- check
Presences List<String> - List of headers to check for presence in the custom key.
- exclude
Origin Boolean - Exclude the origin header from the custom key.
- includes List<String>
- List of headers to include in the custom key.
RulesetRuleActionParametersCacheKeyCustomKeyHost, RulesetRuleActionParametersCacheKeyCustomKeyHostArgs
- Resolved bool
- Resolve hostname to IP address.
- Resolved bool
- Resolve hostname to IP address.
- resolved Boolean
- Resolve hostname to IP address.
- resolved boolean
- Resolve hostname to IP address.
- resolved bool
- Resolve hostname to IP address.
- resolved Boolean
- Resolve hostname to IP address.
RulesetRuleActionParametersCacheKeyCustomKeyQueryString, RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs
RulesetRuleActionParametersCacheKeyCustomKeyUser, RulesetRuleActionParametersCacheKeyCustomKeyUserArgs
- Device
Type bool - Add device type to the custom key.
- Geo bool
- Add geo data to the custom key.
- Lang bool
- Add language data to the custom key.
- Device
Type bool - Add device type to the custom key.
- Geo bool
- Add geo data to the custom key.
- Lang bool
- Add language data to the custom key.
- device
Type Boolean - Add device type to the custom key.
- geo Boolean
- Add geo data to the custom key.
- lang Boolean
- Add language data to the custom key.
- device
Type boolean - Add device type to the custom key.
- geo boolean
- Add geo data to the custom key.
- lang boolean
- Add language data to the custom key.
- device_
type bool - Add device type to the custom key.
- geo bool
- Add geo data to the custom key.
- lang bool
- Add language data to the custom key.
- device
Type Boolean - Add device type to the custom key.
- geo Boolean
- Add geo data to the custom key.
- lang Boolean
- Add language data to the custom key.
RulesetRuleActionParametersEdgeTtl, RulesetRuleActionParametersEdgeTtlArgs
- Mode string
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - Default int
- Default edge TTL.
- Status
Code List<RulesetTtls Rule Action Parameters Edge Ttl Status Code Ttl> - Edge TTL for the status codes.
- Mode string
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - Default int
- Default edge TTL.
- Status
Code []RulesetTtls Rule Action Parameters Edge Ttl Status Code Ttl - Edge TTL for the status codes.
- mode String
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - default_ Integer
- Default edge TTL.
- status
Code List<RulesetTtls Rule Action Parameters Edge Ttl Status Code Ttl> - Edge TTL for the status codes.
- mode string
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - default number
- Default edge TTL.
- status
Code RulesetTtls Rule Action Parameters Edge Ttl Status Code Ttl[] - Edge TTL for the status codes.
- mode str
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - default int
- Default edge TTL.
- status_
code_ Sequence[Rulesetttls Rule Action Parameters Edge Ttl Status Code Ttl] - Edge TTL for the status codes.
- mode String
- Mode of the edge TTL. Available values:
override_origin,respect_origin,bypass_by_default - default Number
- Default edge TTL.
- status
Code List<Property Map>Ttls - Edge TTL for the status codes.
RulesetRuleActionParametersEdgeTtlStatusCodeTtl, RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs
- Status
Code int - Status code for which the edge TTL is applied.
- Status
Code List<RulesetRanges Rule Action Parameters Edge Ttl Status Code Ttl Status Code Range> - Status code range for which the edge TTL is applied.
- Value int
- Status code edge TTL value.
- Status
Code int - Status code for which the edge TTL is applied.
- Status
Code []RulesetRanges Rule Action Parameters Edge Ttl Status Code Ttl Status Code Range - Status code range for which the edge TTL is applied.
- Value int
- Status code edge TTL value.
- status
Code Integer - Status code for which the edge TTL is applied.
- status
Code List<RulesetRanges Rule Action Parameters Edge Ttl Status Code Ttl Status Code Range> - Status code range for which the edge TTL is applied.
- value Integer
- Status code edge TTL value.
- status
Code number - Status code for which the edge TTL is applied.
- status
Code RulesetRanges Rule Action Parameters Edge Ttl Status Code Ttl Status Code Range[] - Status code range for which the edge TTL is applied.
- value number
- Status code edge TTL value.
- status_
code int - Status code for which the edge TTL is applied.
- status_
code_ Sequence[Rulesetranges Rule Action Parameters Edge Ttl Status Code Ttl Status Code Range] - Status code range for which the edge TTL is applied.
- value int
- Status code edge TTL value.
- status
Code Number - Status code for which the edge TTL is applied.
- status
Code List<Property Map>Ranges - Status code range for which the edge TTL is applied.
- value Number
- Status code edge TTL value.
RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRange, RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs
RulesetRuleActionParametersFromList, RulesetRuleActionParametersFromListArgs
RulesetRuleActionParametersFromValue, RulesetRuleActionParametersFromValueArgs
- Preserve
Query boolString - Preserve query string for redirect URL.
- Status
Code int - Status code for redirect.
- Target
Url RulesetRule Action Parameters From Value Target Url - Target URL for redirect.
- Preserve
Query boolString - Preserve query string for redirect URL.
- Status
Code int - Status code for redirect.
- Target
Url RulesetRule Action Parameters From Value Target Url - Target URL for redirect.
- preserve
Query BooleanString - Preserve query string for redirect URL.
- status
Code Integer - Status code for redirect.
- target
Url RulesetRule Action Parameters From Value Target Url - Target URL for redirect.
- preserve
Query booleanString - Preserve query string for redirect URL.
- status
Code number - Status code for redirect.
- target
Url RulesetRule Action Parameters From Value Target Url - Target URL for redirect.
- preserve_
query_ boolstring - Preserve query string for redirect URL.
- status_
code int - Status code for redirect.
- target_
url RulesetRule Action Parameters From Value Target Url - Target URL for redirect.
- preserve
Query BooleanString - Preserve query string for redirect URL.
- status
Code Number - Status code for redirect.
- target
Url Property Map - Target URL for redirect.
RulesetRuleActionParametersFromValueTargetUrl, RulesetRuleActionParametersFromValueTargetUrlArgs
- Expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static value to provide as the HTTP request header value.
- Expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static value to provide as the HTTP request header value.
- expression String
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static value to provide as the HTTP request header value.
- expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value string
- Static value to provide as the HTTP request header value.
- expression str
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value str
- Static value to provide as the HTTP request header value.
- expression String
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static value to provide as the HTTP request header value.
RulesetRuleActionParametersHeader, RulesetRuleActionParametersHeaderArgs
- Expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Name string
- Name of the HTTP request header to target.
- Operation string
- Action to perform on the HTTP request header. Available values:
remove,set,add. - Value string
- Static value to provide as the HTTP request header value.
- Expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Name string
- Name of the HTTP request header to target.
- Operation string
- Action to perform on the HTTP request header. Available values:
remove,set,add. - Value string
- Static value to provide as the HTTP request header value.
- expression String
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- name String
- Name of the HTTP request header to target.
- operation String
- Action to perform on the HTTP request header. Available values:
remove,set,add. - value String
- Static value to provide as the HTTP request header value.
- expression string
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- name string
- Name of the HTTP request header to target.
- operation string
- Action to perform on the HTTP request header. Available values:
remove,set,add. - value string
- Static value to provide as the HTTP request header value.
- expression str
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- name str
- Name of the HTTP request header to target.
- operation str
- Action to perform on the HTTP request header. Available values:
remove,set,add. - value str
- Static value to provide as the HTTP request header value.
- expression String
- Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- name String
- Name of the HTTP request header to target.
- operation String
- Action to perform on the HTTP request header. Available values:
remove,set,add. - value String
- Static value to provide as the HTTP request header value.
RulesetRuleActionParametersMatchedData, RulesetRuleActionParametersMatchedDataArgs
- Public
Key string - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
- Public
Key string - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
- public
Key String - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
- public
Key string - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
- public_
key str - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
- public
Key String - Public key to use within WAF Ruleset payload logging to view the HTTP request parameters. You can generate a public key using the
matched-data-clicommand-line tool or in the Cloudflare dashboard.
RulesetRuleActionParametersOrigin, RulesetRuleActionParametersOriginArgs
RulesetRuleActionParametersOverrides, RulesetRuleActionParametersOverridesArgs
- Action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Categories
List<Ruleset
Rule Action Parameters Overrides Category> - List of tag-based overrides.
- Enabled bool
- Defines if the current ruleset-level override enables or disables the ruleset.
- Rules
List<Ruleset
Rule Action Parameters Overrides Rule> - List of rule-based overrides.
- Sensitivity
Level string - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
- Action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Categories
[]Ruleset
Rule Action Parameters Overrides Category - List of tag-based overrides.
- Enabled bool
- Defines if the current ruleset-level override enables or disables the ruleset.
- Rules
[]Ruleset
Rule Action Parameters Overrides Rule - List of rule-based overrides.
- Sensitivity
Level string - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
- action String
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - categories
List<Ruleset
Rule Action Parameters Overrides Category> - List of tag-based overrides.
- enabled Boolean
- Defines if the current ruleset-level override enables or disables the ruleset.
- rules
List<Ruleset
Rule Action Parameters Overrides Rule> - List of rule-based overrides.
- sensitivity
Level String - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
- action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - categories
Ruleset
Rule Action Parameters Overrides Category[] - List of tag-based overrides.
- enabled boolean
- Defines if the current ruleset-level override enables or disables the ruleset.
- rules
Ruleset
Rule Action Parameters Overrides Rule[] - List of rule-based overrides.
- sensitivity
Level string - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
- action str
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - categories
Sequence[Ruleset
Rule Action Parameters Overrides Category] - List of tag-based overrides.
- enabled bool
- Defines if the current ruleset-level override enables or disables the ruleset.
- rules
Sequence[Ruleset
Rule Action Parameters Overrides Rule] - List of rule-based overrides.
- sensitivity_
level str - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
- action String
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - categories List<Property Map>
- List of tag-based overrides.
- enabled Boolean
- Defines if the current ruleset-level override enables or disables the ruleset.
- rules List<Property Map>
- List of rule-based overrides.
- sensitivity
Level String - Sensitivity level to override for all ruleset rules. Available values:
default,medium,low,eoff.
RulesetRuleActionParametersOverridesCategory, RulesetRuleActionParametersOverridesCategoryArgs
- Action string
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Category string
- Tag name to apply the ruleset rule override to.
- Enabled bool
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
- Action string
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Category string
- Tag name to apply the ruleset rule override to.
- Enabled bool
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
- action String
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - category String
- Tag name to apply the ruleset rule override to.
- enabled Boolean
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
- action string
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - category string
- Tag name to apply the ruleset rule override to.
- enabled boolean
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
- action str
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - category str
- Tag name to apply the ruleset rule override to.
- enabled bool
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
- action String
- Action to perform in the tag-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - category String
- Tag name to apply the ruleset rule override to.
- enabled Boolean
- Defines if the current tag-level override enables or disables the ruleset rules with the specified tag.
RulesetRuleActionParametersOverridesRule, RulesetRuleActionParametersOverridesRuleArgs
- Action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Enabled bool
- Defines if the current rule-level override enables or disables the rule.
- Id string
- Rule ID to apply the override to.
- Score
Threshold int - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- Sensitivity
Level string - Sensitivity level for a ruleset rule override.
- Action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - Enabled bool
- Defines if the current rule-level override enables or disables the rule.
- Id string
- Rule ID to apply the override to.
- Score
Threshold int - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- Sensitivity
Level string - Sensitivity level for a ruleset rule override.
- action String
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - enabled Boolean
- Defines if the current rule-level override enables or disables the rule.
- id String
- Rule ID to apply the override to.
- score
Threshold Integer - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- sensitivity
Level String - Sensitivity level for a ruleset rule override.
- action string
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - enabled boolean
- Defines if the current rule-level override enables or disables the rule.
- id string
- Rule ID to apply the override to.
- score
Threshold number - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- sensitivity
Level string - Sensitivity level for a ruleset rule override.
- action str
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - enabled bool
- Defines if the current rule-level override enables or disables the rule.
- id str
- Rule ID to apply the override to.
- score_
threshold int - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- sensitivity_
level str - Sensitivity level for a ruleset rule override.
- action String
- Action to perform in the rule-level override. Available values:
block,challenge,compress_response,ddos_dynamic,ddos_mitigation,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,serve_error,set_cache_settings,set_config,skip. - enabled Boolean
- Defines if the current rule-level override enables or disables the rule.
- id String
- Rule ID to apply the override to.
- score
Threshold Number - Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets.
- sensitivity
Level String - Sensitivity level for a ruleset rule override.
RulesetRuleActionParametersResponse, RulesetRuleActionParametersResponseArgs
- Content string
- Body content to include in the response.
- Content
Type string - HTTP content type to send in the response.
- Status
Code int - HTTP status code to send in the response.
- Content string
- Body content to include in the response.
- Content
Type string - HTTP content type to send in the response.
- Status
Code int - HTTP status code to send in the response.
- content String
- Body content to include in the response.
- content
Type String - HTTP content type to send in the response.
- status
Code Integer - HTTP status code to send in the response.
- content string
- Body content to include in the response.
- content
Type string - HTTP content type to send in the response.
- status
Code number - HTTP status code to send in the response.
- content str
- Body content to include in the response.
- content_
type str - HTTP content type to send in the response.
- status_
code int - HTTP status code to send in the response.
- content String
- Body content to include in the response.
- content
Type String - HTTP content type to send in the response.
- status
Code Number - HTTP status code to send in the response.
RulesetRuleActionParametersServeStale, RulesetRuleActionParametersServeStaleArgs
- Disable
Stale boolWhile Updating - Disable stale while updating.
- Disable
Stale boolWhile Updating - Disable stale while updating.
- disable
Stale BooleanWhile Updating - Disable stale while updating.
- disable
Stale booleanWhile Updating - Disable stale while updating.
- disable_
stale_ boolwhile_ updating - Disable stale while updating.
- disable
Stale BooleanWhile Updating - Disable stale while updating.
RulesetRuleActionParametersSni, RulesetRuleActionParametersSniArgs
- Value string
- Value to define for SNI.
- Value string
- Value to define for SNI.
- value String
- Value to define for SNI.
- value string
- Value to define for SNI.
- value str
- Value to define for SNI.
- value String
- Value to define for SNI.
RulesetRuleActionParametersUri, RulesetRuleActionParametersUriArgs
- Origin bool
- Path
Ruleset
Rule Action Parameters Uri Path - URI path configuration when performing a URL rewrite.
- Query
Ruleset
Rule Action Parameters Uri Query - Query string configuration when performing a URL rewrite.
- Origin bool
- Path
Ruleset
Rule Action Parameters Uri Path - URI path configuration when performing a URL rewrite.
- Query
Ruleset
Rule Action Parameters Uri Query - Query string configuration when performing a URL rewrite.
- origin Boolean
- path
Ruleset
Rule Action Parameters Uri Path - URI path configuration when performing a URL rewrite.
- query
Ruleset
Rule Action Parameters Uri Query - Query string configuration when performing a URL rewrite.
- origin boolean
- path
Ruleset
Rule Action Parameters Uri Path - URI path configuration when performing a URL rewrite.
- query
Ruleset
Rule Action Parameters Uri Query - Query string configuration when performing a URL rewrite.
- origin bool
- path
Ruleset
Rule Action Parameters Uri Path - URI path configuration when performing a URL rewrite.
- query
Ruleset
Rule Action Parameters Uri Query - Query string configuration when performing a URL rewrite.
- origin Boolean
- path Property Map
- URI path configuration when performing a URL rewrite.
- query Property Map
- Query string configuration when performing a URL rewrite.
RulesetRuleActionParametersUriPath, RulesetRuleActionParametersUriPathArgs
- Expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static string value of the updated URI path or query string component.
- Expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static string value of the updated URI path or query string component.
- expression String
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static string value of the updated URI path or query string component.
- expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value string
- Static string value of the updated URI path or query string component.
- expression str
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value str
- Static string value of the updated URI path or query string component.
- expression String
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static string value of the updated URI path or query string component.
RulesetRuleActionParametersUriQuery, RulesetRuleActionParametersUriQueryArgs
- Expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static string value of the updated URI path or query string component.
- Expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Value string
- Static string value of the updated URI path or query string component.
- expression String
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static string value of the updated URI path or query string component.
- expression string
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value string
- Static string value of the updated URI path or query string component.
- expression str
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value str
- Static string value of the updated URI path or query string component.
- expression String
- Expression that defines the updated (dynamic) value of the URI path or query string component. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- value String
- Static string value of the updated URI path or query string component.
RulesetRuleExposedCredentialCheck, RulesetRuleExposedCredentialCheckArgs
- Password
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- Username
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
- Password
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- Username
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
- password
Expression String - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- username
Expression String - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
- password
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- username
Expression string - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
- password_
expression str - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- username_
expression str - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
- password
Expression String - Firewall Rules expression language based on Wireshark display filters for where to check for the "password" value. Refer to the Firewall Rules language.
- username
Expression String - Firewall Rules expression language based on Wireshark display filters for where to check for the "username" value. Refer to the Firewall Rules language.
RulesetRuleLogging, RulesetRuleLoggingArgs
- Enabled bool
- Override the default logging behavior when a rule is matched.
- Enabled bool
- Override the default logging behavior when a rule is matched.
- enabled Boolean
- Override the default logging behavior when a rule is matched.
- enabled boolean
- Override the default logging behavior when a rule is matched.
- enabled bool
- Override the default logging behavior when a rule is matched.
- enabled Boolean
- Override the default logging behavior when a rule is matched.
RulesetRuleRatelimit, RulesetRuleRatelimitArgs
- Characteristics List<string>
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- Counting
Expression string - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Mitigation
Timeout int - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- Period int
- The period of time to consider (in seconds) when evaluating the request rate.
- Requests
Per intPeriod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- Requests
To boolOrigin - Whether to include requests to origin within the Rate Limiting count.
- Score
Per intPeriod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- Score
Response stringHeader Name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
- Characteristics []string
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- Counting
Expression string - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Mitigation
Timeout int - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- Period int
- The period of time to consider (in seconds) when evaluating the request rate.
- Requests
Per intPeriod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- Requests
To boolOrigin - Whether to include requests to origin within the Rate Limiting count.
- Score
Per intPeriod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- Score
Response stringHeader Name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
- characteristics List<String>
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- counting
Expression String - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- mitigation
Timeout Integer - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- period Integer
- The period of time to consider (in seconds) when evaluating the request rate.
- requests
Per IntegerPeriod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- requests
To BooleanOrigin - Whether to include requests to origin within the Rate Limiting count.
- score
Per IntegerPeriod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- score
Response StringHeader Name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
- characteristics string[]
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- counting
Expression string - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- mitigation
Timeout number - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- period number
- The period of time to consider (in seconds) when evaluating the request rate.
- requests
Per numberPeriod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- requests
To booleanOrigin - Whether to include requests to origin within the Rate Limiting count.
- score
Per numberPeriod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- score
Response stringHeader Name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
- characteristics Sequence[str]
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- counting_
expression str - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- mitigation_
timeout int - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- period int
- The period of time to consider (in seconds) when evaluating the request rate.
- requests_
per_ intperiod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- requests_
to_ boolorigin - Whether to include requests to origin within the Rate Limiting count.
- score_
per_ intperiod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- score_
response_ strheader_ name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
- characteristics List<String>
- List of parameters that define how Cloudflare tracks the request rate for this rule.
- counting
Expression String - Criteria for counting HTTP requests to trigger the Rate Limiting action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- mitigation
Timeout Number - Once the request rate is reached, the Rate Limiting rule blocks further requests for the period of time defined in this field.
- period Number
- The period of time to consider (in seconds) when evaluating the request rate.
- requests
Per NumberPeriod - The number of requests over the period of time that will trigger the Rate Limiting rule.
- requests
To BooleanOrigin - Whether to include requests to origin within the Rate Limiting count.
- score
Per NumberPeriod - The maximum aggregate score over the period of time that will trigger Rate Limiting rule.
- score
Response StringHeader Name - Name of HTTP header in the response, set by the origin server, with the score for the current request.
Import
Import an account scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example account/<account_id>/<ruleset_id>
Import a zone scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example zone/<zone_id>/<ruleset_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.