Use the [Rulesets API](/ruleset-engine/rulesets-api/) to configure the execution of a managed ruleset and override its behavior. By default, enabled rules perform the actions defined by the managed ruleset issuer. This example uses overrides to ensure that only rules with a specific tag are enabled.
14
14
@@ -22,73 +22,75 @@ Tag overrides take precedence over ruleset overrides. Only the rules with the sp
22
22
23
23
## Example 1
24
24
25
-
This example uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to deploy the Cloudflare Managed Ruleset to a phase with only Joomla rules enabled. The `name`, `kind`, and `phase` fields are omitted from the request because they are immutable.
25
+
This example deploys the Cloudflare Managed Ruleset to a phase with only Joomla rules enabled. The `name`, `kind`, and `phase` fields are omitted from the request because they are immutable.
26
26
27
27
<Detailsheader="Example: Enable only Joomla rules using category overrides at the zone level">
-`"id": "<MANAGED_RULESET_ID>"` adds a rule to the ruleset of a phase that will apply the Cloudflare Managed Ruleset to requests for the specified zone (`{zone_id}`).
-`"id": "<MANAGED_RULESET_ID>"` adds a rule to the ruleset of a phase that will apply the Cloudflare Managed Ruleset to requests for the specified zone (`$ZONE_ID`).
58
59
-`"enabled": false` defines an override at the ruleset level that disables all rules in the managed ruleset.
59
60
-`"categories": [{"category": "joomla", "action": "block", "enabled": true}]` defines an override at the tag level that enables the Joomla rules and sets their action to `block`.
60
61
61
62
</Details>
62
63
63
64
<Detailsheader="Example: Enable only Joomla rules using category overrides at the account level">
expression: 'cf.zone.name eq "example.com" and cf.zone.plan eq "ENT"',
77
+
action_parameters: {
78
+
id: "<MANAGED_RULESET_ID>",
79
+
overrides: {
80
+
enabled: false,
81
+
categories: [
82
+
{
83
+
category: "joomla",
84
+
action: "block",
85
+
enabled: true,
86
+
},
87
+
],
88
+
},
89
+
},
90
+
},
91
+
],
92
+
}}
93
+
/>
92
94
93
95
-`"id": "<MANAGED_RULESET_ID>"` adds a rule to the ruleset of a phase that will apply the Cloudflare Managed Ruleset to requests for `example.com`.
94
96
-`"enabled": false` defines an override at the ruleset level that disables all rules in the managed ruleset.
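Review bot: The rewritten intro under `## Example 1` drops the link to the "Update a zone entry point ruleset" operation but still says the `name`, `kind`, and `phase` fields are "omitted from the request", so the reader can no longer tell which request is meant. Keep a short reference to the operation or reword that sentence. In the account-level example, the expression is `cf.zone.name eq "example.com" and cf.zone.plan eq "ENT"`, while the bullet that follows says the rule applies the managed ruleset to requests for `example.com`; mention the plan condition as well, so the text matches the scope in which the managed ruleset is actually deployed.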
@@ -100,83 +102,85 @@ You can add more than one category override to a rule.
100
102
101
103
## Example 2
102
104
103
-
This example uses a `PUT` request to add two overrides to the rule that executes a managed ruleset (`<MANAGED_RULESET_ID>`) in the `http_request_firewall_managed` phase. Note that the `name`, `kind`, and `phase` fields are omitted from the request because they are immutable.
105
+
This example adds two overrides to the rule that executes a managed ruleset (`<MANAGED_RULESET_ID>`) in the `http_request_firewall_managed` phase. Note that the `name`, `kind`, and `phase` fields are omitted from the request because they are immutable.
104
106
105
107
<Detailsheader="Example: Add more than one category override at the zone level">
expression: 'cf.zone.name eq "example.com" and cf.zone.plan eq "ENT"',
157
+
action_parameters: {
158
+
id: "<MANAGED_RULESET_ID>",
159
+
overrides: {
160
+
enabled: false,
161
+
categories: [
162
+
{
163
+
category: "joomla",
164
+
action: "log",
165
+
enabled: true,
166
+
},
167
+
{
168
+
category: "wordpress",
169
+
enabled: false,
170
+
},
171
+
],
172
+
},
173
+
},
174
+
},
175
+
],
176
+
}}
177
+
/>
174
178
175
179
</Details>
176
180
177
-
The order of the overrides in the root ruleset affects whether rules in the deployed managed ruleset are enabled or disabled. Overrides placed later in the list take precedence over earlier overrides. Consider four rules from the managed ruleset in the code above that have different combinations of `category` tags.
181
+
The order of the overrides in the ruleset determines if rules in the deployed managed ruleset are enabled or disabled. Overrides placed later in the list take precedence over earlier overrides.
178
182
179
-
The following table shows the status of the rules after the overrides.
183
+
Consider four rules from the managed ruleset in the code above that have different combinations of `category` tags. The following table shows the status of the rules after the overrides.
180
184
181
185
| Rule in managed ruleset | Tags | Rule status after overrides |
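Review bot: In the reworded paragraph after the second `</Details>`, "The order of the overrides in the ruleset" drops the word "root", which leaves "the ruleset" ambiguous next to "the deployed managed ruleset" in the same sentence. Keep "root ruleset" or name the ruleset that holds the overrides, since this paragraph is what tells the reader which rules end up enabled. "determines if" would also read better as "determines whether". The Example 2 intro removes "uses a `PUT` request" but still refers to fields "omitted from the request", so the request it refers to is no longer introduced.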