Ruleset
The Cloudflare Ruleset Engine allows you to create and deploy rules and rulesets. The engine syntax, inspired by the Wireshark Display Filter language, is the same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine in different products, allowing you to configure several products using the same basic syntax.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.Ruleset;
import com.pulumi.cloudflare.RulesetArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Magic Transit
var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("account magic transit")
.description("example magic transit ruleset description")
.kind("root")
.phase("magic_transit")
.rules(RulesetRuleArgs.builder()
.action("allow")
.expression("tcp.dstport in { 32768..65535 }")
.description("Allow TCP Ephemeral Ports")
.build())
.build());
// Zone-level WAF Managed Ruleset
var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("managed WAF")
.description("managed WAF ruleset description")
.kind("zone")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.expression("(http.host eq \"example.host.com\")")
.description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
.enabled(true)
.build())
.build());
// Zone-level WAF with tag-based overrides
var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("managed WAF with tag-based overrides")
.description("managed WAF with tag-based overrides ruleset description")
.kind("zone")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.categories(
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.category("wordpress")
.action("block")
.enabled(true)
.build(),
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.category("joomla")
.action("block")
.enabled(true)
.build())
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("overrides to only enable wordpress rules to block")
.enabled(false)
.build())
.build());
// Rewrite the URI path component to a static path
var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for URI path")
.description("change the URI path to a new static path")
.kind("zone")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.path(RulesetRuleActionParametersUriPathArgs.builder()
.value("/my-new-route")
.build())
.build())
.build())
.expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
.description("example URI path transform rule")
.enabled(true)
.build())
.build());
// Rewrite the URI query component to a static query
var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for URI query parameter")
.description("change the URI query to a new static query")
.kind("zone")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.value("old=new_again")
.build())
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("URI transformation query example")
.enabled(true)
.build())
.build());
// Rewrite HTTP headers to a modified values
var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("transform rule for HTTP headers")
.description("modify HTTP headers before reaching origin")
.kind("zone")
.phase("http_request_late_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.headers(
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-1")
.operation("set")
.value("my-http-header-value-1")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-2")
.operation("set")
.expression("cf.zone.name")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-3-to-remove")
.operation("remove")
.build())
.build())
.expression("(http.host eq \"example.host.com\")")
.description("example request header transform rule")
.enabled(false)
.build())
.build());
// HTTP rate limit for an API route
var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("restrict API requests count")
.description("apply HTTP rate limiting for a route")
.kind("zone")
.phase("http_ratelimit")
.rules(RulesetRuleArgs.builder()
.action("block")
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics(
"cf.colo.id",
"ip.src")
.period(60)
.requestsPerPeriod(100)
.mitigationTimeout(600)
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("rate limit for API")
.enabled(true)
.build())
.build());
// Change origin for an API route
var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Change to some origin")
.description("Change origin for a route")
.kind("zone")
.phase("http_request_origin")
.rules(RulesetRuleArgs.builder()
.action("route")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.hostHeader("some.host")
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("some.host")
.port(80)
.build())
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("change origin to some.host")
.enabled(true)
.build())
.build());
// Custom fields logging
var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("log custom fields")
.description("add custom fields to logging")
.kind("zone")
.phase("http_log_custom_fields")
.rules(RulesetRuleArgs.builder()
.action("log_custom_field")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.requestFields(
"content-type",
"x-forwarded-for",
"host")
.responseFields(
"server",
"content-type",
"allow")
.cookieFields(
"__ga",
"accountNumber",
"__cfruid")
.build())
.expression("(http.host eq \"example.host.com\")")
.description("log custom fields rule")
.enabled(true)
.build())
.build());
// Custom cache keys + settings
var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("set cache settings")
.description("set cache settings for the request")
.kind("zone")
.phase("http_request_cache_settings")
.rules(RulesetRuleArgs.builder()
.action("set_cache_settings")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.mode("override_origin")
.default_(60)
.statusCodeTtls(
RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.statusCode(200)
.value(50)
.build(),
RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.statusCodeRange(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.value(30)
.build())
.build())
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("respect_origin")
.build())
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(true)
.build())
.respectStrongEtags(true)
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.ignoreQueryStringsOrder(false)
.cacheDeceptionArmor(true)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.excludes("*")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.includes(
"habc",
"hdef")
.checkPresences(
"habc_t",
"hdef_t")
.excludeOrigin(true)
.build())
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.includes(
"cabc",
"cdef")
.checkPresences(
"cabc_t",
"cdef_t")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(true)
.geo(false)
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(true)
.build())
.build())
.build())
.originErrorPagePassthru(false)
.build())
.expression("(http.host eq \"example.host.com\")")
.description("set cache settings rule")
.enabled(true)
.build())
.build());
// Redirects based on a List resource
var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("redirects")
.description("Redirect ruleset")
.kind("root")
.phase("http_request_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.name("redirect_list")
.key("http.request.full_uri")
.build())
.build())
.expression("http.request.full_uri in $redirect_list")
.description("Apply redirects from redirect_list")
.enabled(true)
.build())
.build());
// Dynamic Redirects from value resource
var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("redirects")
.description("Redirect ruleset")
.kind("zone")
.phase("http_request_dynamic_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.statusCode(301)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.value("some_host.com")
.build())
.preserveQueryString(true)
.build())
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("Apply redirect from value")
.enabled(true)
.build())
.build());
// Serve some custom error response
var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Serve some error response")
.description("Serve some error response")
.kind("zone")
.phase("http_custom_errors")
.rules(RulesetRuleArgs.builder()
.action("serve_error")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.content("some error html")
.contentType("text/html")
.statusCode("530")
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("serve some error response")
.enabled(true)
.build())
.build());
// Set Configuration Rules for an API route
var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("set config rules")
.description("set config rules for request")
.kind("zone")
.phase("http_config_settings")
.rules(RulesetRuleArgs.builder()
.action("set_config")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.emailObfuscation(true)
.bic(true)
.build())
.expression("(http.request.uri.path matches \"^/api/\")")
.description("set config rules for matching request")
.enabled(true)
.build())
.build());
// Set compress algorithm for response.
var responseCompressBrotliHtml = new Ruleset("responseCompressBrotliHtml", RulesetArgs.builder()
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.name("Brotli response compression for HTML")
.description("Response compression ruleset")
.kind("zone")
.phase("http_response_compression")
.rules(RulesetRuleArgs.builder()
.action("compress_response")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.algorithms(
RulesetRuleActionParametersAlgorithmArgs.builder()
.name("brotli")
.build(),
RulesetRuleActionParametersAlgorithmArgs.builder()
.name("auto")
.build())
.build())
.expression("http.response.content_type.media_type == \"text/html\"")
.description("Prefer brotli compression for HTML")
.enabled(true)
.build())
.build());
}
}Content copied to clipboard
resources:
# Magic Transit
magicTransitExample:
type: cloudflare:Ruleset
name: magic_transit_example
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: account magic transit
description: example magic transit ruleset description
kind: root
phase: magic_transit
rules:
- action: allow
expression: tcp.dstport in { 32768..65535 }
description: Allow TCP Ephemeral Ports
# Zone-level WAF Managed Ruleset
zoneLevelManagedWaf:
type: cloudflare:Ruleset
name: zone_level_managed_waf
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: managed WAF
description: managed WAF ruleset description
kind: zone
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
expression: (http.host eq "example.host.com")
description: Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset
enabled: true
# Zone-level WAF with tag-based overrides
zoneLevelManagedWafWithCategoryBasedOverrides:
type: cloudflare:Ruleset
name: zone_level_managed_waf_with_category_based_overrides
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: managed WAF with tag-based overrides
description: managed WAF with tag-based overrides ruleset description
kind: zone
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
overrides:
categories:
- category: wordpress
action: block
enabled: true
- category: joomla
action: block
enabled: true
expression: (http.host eq "example.host.com")
description: overrides to only enable wordpress rules to block
enabled: false
# Rewrite the URI path component to a static path
transformUriRulePath:
type: cloudflare:Ruleset
name: transform_uri_rule_path
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for URI path
description: change the URI path to a new static path
kind: zone
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
path:
value: /my-new-route
expression: (http.host eq "example.com" and http.request.uri.path eq "/old-path")
description: example URI path transform rule
enabled: true
# Rewrite the URI query component to a static query
transformUriRuleQuery:
type: cloudflare:Ruleset
name: transform_uri_rule_query
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for URI query parameter
description: change the URI query to a new static query
kind: zone
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
query:
value: old=new_again
expression: (http.host eq "example.host.com")
description: URI transformation query example
enabled: true
# Rewrite HTTP headers to a modified values
transformUriHttpHeaders:
type: cloudflare:Ruleset
name: transform_uri_http_headers
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: transform rule for HTTP headers
description: modify HTTP headers before reaching origin
kind: zone
phase: http_request_late_transform
rules:
- action: rewrite
actionParameters:
headers:
- name: example-http-header-1
operation: set
value: my-http-header-value-1
- name: example-http-header-2
operation: set
expression: cf.zone.name
- name: example-http-header-3-to-remove
operation: remove
expression: (http.host eq "example.host.com")
description: example request header transform rule
enabled: false
# HTTP rate limit for an API route
rateLimitingExample:
type: cloudflare:Ruleset
name: rate_limiting_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: restrict API requests count
description: apply HTTP rate limiting for a route
kind: zone
phase: http_ratelimit
rules:
- action: block
ratelimit:
characteristics:
- cf.colo.id
- ip.src
period: 60
requestsPerPeriod: 100
mitigationTimeout: 600
expression: (http.request.uri.path matches "^/api/")
description: rate limit for API
enabled: true
# Change origin for an API route
httpOriginExample:
type: cloudflare:Ruleset
name: http_origin_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Change to some origin
description: Change origin for a route
kind: zone
phase: http_request_origin
rules:
- action: route
actionParameters:
hostHeader: some.host
origin:
host: some.host
port: 80
expression: (http.request.uri.path matches "^/api/")
description: change origin to some.host
enabled: true
# Custom fields logging
customFieldsLoggingExample:
type: cloudflare:Ruleset
name: custom_fields_logging_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: log custom fields
description: add custom fields to logging
kind: zone
phase: http_log_custom_fields
rules:
- action: log_custom_field
actionParameters:
requestFields:
- content-type
- x-forwarded-for
- host
responseFields:
- server
- content-type
- allow
cookieFields:
- __ga
- accountNumber
- __cfruid
expression: (http.host eq "example.host.com")
description: log custom fields rule
enabled: true
# Custom cache keys + settings
cacheSettingsExample:
type: cloudflare:Ruleset
name: cache_settings_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: set cache settings
description: set cache settings for the request
kind: zone
phase: http_request_cache_settings
rules:
- action: set_cache_settings
actionParameters:
edgeTtl:
mode: override_origin
default: 60
statusCodeTtls:
- statusCode: 200
value: 50
- statusCodeRange:
from: 201
to: 300
value: 30
browserTtl:
mode: respect_origin
serveStale:
disableStaleWhileUpdating: true
respectStrongEtags: true
cacheKey:
ignoreQueryStringsOrder: false
cacheDeceptionArmor: true
customKey:
queryString:
excludes:
- '*'
header:
includes:
- habc
- hdef
checkPresences:
- habc_t
- hdef_t
excludeOrigin: true
cookie:
includes:
- cabc
- cdef
checkPresences:
- cabc_t
- cdef_t
user:
deviceType: true
geo: false
host:
resolved: true
originErrorPagePassthru: false
expression: (http.host eq "example.host.com")
description: set cache settings rule
enabled: true
# Redirects based on a List resource
redirectFromListExample:
type: cloudflare:Ruleset
name: redirect_from_list_example
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: redirects
description: Redirect ruleset
kind: root
phase: http_request_redirect
rules:
- action: redirect
actionParameters:
fromList:
name: redirect_list
key: http.request.full_uri
expression: http.request.full_uri in $redirect_list
description: Apply redirects from redirect_list
enabled: true
# Dynamic Redirects from value resource
redirectFromValueExample:
type: cloudflare:Ruleset
name: redirect_from_value_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: redirects
description: Redirect ruleset
kind: zone
phase: http_request_dynamic_redirect
rules:
- action: redirect
actionParameters:
fromValue:
statusCode: 301
targetUrl:
value: some_host.com
preserveQueryString: true
expression: (http.request.uri.path matches "^/api/")
description: Apply redirect from value
enabled: true
# Serve some custom error response
httpCustomErrorExample:
type: cloudflare:Ruleset
name: http_custom_error_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Serve some error response
description: Serve some error response
kind: zone
phase: http_custom_errors
rules:
- action: serve_error
actionParameters:
content: some error html
contentType: text/html
statusCode: '530'
expression: (http.request.uri.path matches "^/api/")
description: serve some error response
enabled: true
# Set Configuration Rules for an API route
httpConfigRulesExample:
type: cloudflare:Ruleset
name: http_config_rules_example
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: set config rules
description: set config rules for request
kind: zone
phase: http_config_settings
rules:
- action: set_config
actionParameters:
emailObfuscation: true
bic: true
expression: (http.request.uri.path matches "^/api/")
description: set config rules for matching request
enabled: true
# Set compress algorithm for response.
responseCompressBrotliHtml:
type: cloudflare:Ruleset
name: response_compress_brotli_html
properties:
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
name: Brotli response compression for HTML
description: Response compression ruleset
kind: zone
phase: http_response_compression
rules:
- action: compress_response
actionParameters:
algorithms:
- name: brotli
- name: auto
expression: http.response.content_type.media_type == "text/html"
description: Prefer brotli compression for HTML
enabled: trueContent copied to clipboard
Import
Import an account scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example account/<account_id>/<ruleset_id>Content copied to clipboard
Import a zone scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example zone/<zone_id>/<ruleset_id>Content copied to clipboard
Properties
Link copied to clipboard
Brief summary of the ruleset and its intended use.
Link copied to clipboard
Point in the request/response lifecycle where the ruleset will be created. Available values: ddos_l4, ddos_l7, http_config_settings, http_custom_errors, http_log_custom_fields, http_ratelimit, http_request_cache_settings, http_request_dynamic_redirect, http_request_firewall_custom, http_request_firewall_managed, http_request_late_transform, http_request_origin, http_request_redirect, http_request_sanitize, http_request_sbfm, http_request_transform, http_response_compression, http_response_firewall_managed, http_response_headers_transform, magic_transit.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
List of rules to apply to the ruleset.