diff --git a/src/content/docs/cache/how-to/cache-rules/create-api.mdx b/src/content/docs/cache/how-to/cache-rules/create-api.mdx index d9b90dd57565ae0..33ceab7160d70bb 100644 --- a/src/content/docs/cache/how-to/cache-rules/create-api.mdx +++ b/src/content/docs/cache/how-to/cache-rules/create-api.mdx @@ -12,7 +12,7 @@ head: import { Details, APIRequest } from "~/components" -Use the [Rulesets API](https://developers.cloudflare.com/ruleset-engine/rulesets-api/) to create a cache rule via API. To configure Cloudflare’s API refer to the [API documentation](/fundamentals/api/get-started/). +Use the [Rulesets API](/ruleset-engine/rulesets-api/) to create a cache rule via API. To configure Cloudflare’s API refer to the [API documentation](/fundamentals/api/get-started/). ## Basic rule settings diff --git a/src/content/docs/ruleset-engine/about/phases.mdx b/src/content/docs/ruleset-engine/about/phases.mdx index 437550e264c224e..ef241a818bb799c 100644 --- a/src/content/docs/ruleset-engine/about/phases.mdx +++ b/src/content/docs/ruleset-engine/about/phases.mdx @@ -3,21 +3,16 @@ title: Phases pcx_content_type: concept sidebar: order: 2 - --- -A phase defines a stage in the life of a request where you can execute rulesets. Phases are defined by Cloudflare and cannot be modified. +A phase defines a stage in the life of a request where you can execute [rulesets](/ruleset-engine/about/rulesets/). Phases are defined by Cloudflare and cannot be modified. -Phases exist at two levels: at the **account** level and at the **zone** level. For the same phase, rules defined at the account level are evaluated **before** the rules defined at the zone level. +Phases exist at two levels: at the account level and at the zone level. For the same phase, rules defined at the account level are evaluated before the rules defined at the zone level. Each phase has at most one [entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset) at the account and zone level. :::note - - Currently, phases at the account level are only available in Enterprise plans. - - ::: The following diagram outlines the request handling process where requests go through the available phases: diff --git a/src/content/docs/ruleset-engine/about/rulesets.mdx b/src/content/docs/ruleset-engine/about/rulesets.mdx index e48d0cb6c2d0753..89db7b211772d68 100644 --- a/src/content/docs/ruleset-engine/about/rulesets.mdx +++ b/src/content/docs/ruleset-engine/about/rulesets.mdx @@ -19,7 +19,7 @@ Specific Cloudflare products may provide other types of rulesets. ## Entry point ruleset -An entry point ruleset contains a list of ordered rules that run in a [phase](/ruleset-engine/about/phases/) at the account or zone level. This ruleset is an entry point for all rules executed in a phase. Some of these rules may run other rulesets. +An entry point ruleset contains a list of ordered [rules](/ruleset-engine/about/rules/) that run in a [phase](/ruleset-engine/about/phases/) at the account or zone level. This ruleset is an entry point for all rules executed in a phase. Some of these rules may run other rulesets. Each phase has at most one entry point ruleset at the account level and at the zone level. diff --git a/src/content/docs/ruleset-engine/basic-operations/add-rule-phase-rulesets.mdx b/src/content/docs/ruleset-engine/basic-operations/add-rule-phase-rulesets.mdx index 8a0165e00a19109..ce65f0730852337 100644 --- a/src/content/docs/ruleset-engine/basic-operations/add-rule-phase-rulesets.mdx +++ b/src/content/docs/ruleset-engine/basic-operations/add-rule-phase-rulesets.mdx @@ -18,7 +18,7 @@ If you are adding a **single** rule to a ruleset, consider using one of the [rul Instead of relying on the automatic creation of an entry point ruleset, you can also create this ruleset explicitly using one of the [ruleset creation operations](/ruleset-engine/rulesets-api/create/). ::: -
+## Example: Set the rules of a phase entry point ruleset at the zone level The following example sets the rules of a phase entry point ruleset at the zone level for the `http_request_firewall_managed` phase using the [Update a zone entry point ruleset](/api/resources/rulesets/subresources/phases/methods/update/) operation. @@ -87,9 +87,7 @@ The following example sets the rules of a phase entry point ruleset at the zone } ``` -
- -
+## Example: Add a single rule to a phase entry point ruleset at the zone level The following example adds a single rule to a phase entry point ruleset (with ID `$RULESET_ID`) at the zone level using the [Create a zone ruleset rule](/api/resources/rulesets/subresources/rules/methods/create/) operation. @@ -143,5 +141,3 @@ The following example adds a single rule to a phase entry point ruleset (with ID "messages": [] } ``` - -
diff --git a/src/content/docs/ruleset-engine/basic-operations/deploy-rulesets.mdx b/src/content/docs/ruleset-engine/basic-operations/deploy-rulesets.mdx index 7bccec721bb0ac6..00a6928a5f4a3c2 100644 --- a/src/content/docs/ruleset-engine/basic-operations/deploy-rulesets.mdx +++ b/src/content/docs/ruleset-engine/basic-operations/deploy-rulesets.mdx @@ -6,25 +6,25 @@ sidebar: order: 4 --- -import { APIRequest } from "~/components"; +import { APIRequest, RuleID } from "~/components"; Use the [Rulesets API](/ruleset-engine/rulesets-api/) to deploy a ruleset. To deploy a ruleset, add a rule with `"action": "execute"` to a [phase entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset), specifying the ruleset ID to execute as an action parameter. Use a separate rule for each ruleset you want to deploy. A rule that executes a ruleset consists of: -- The **ID of the ruleset** you want to execute. -- An **expression**. -- An **action**, set to `execute`. +- The ID of the ruleset you want to execute, included in `action_parameters.id`. +- An expression. +- The `execute` action. The rules in the ruleset execute when a request satisfies the expression. :::note -To apply a rule to every request in a phase at the **zone** level, set the rule expression to `true`. +To apply a rule to every request in a phase at the zone level, set the rule expression to `true`. ::: ## Example -The following example deploys a [managed ruleset](/ruleset-engine/about/rulesets/#managed-rulesets) to the `http_request_firewall_managed` phase of a given zone (`$ZONE_ID`) by adding a rule that executes the managed ruleset. +The following example deploys the [Cloudflare Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) (with ID ) to the `http_request_firewall_managed` phase of a given zone (`$ZONE_ID`) by adding a rule that executes the managed ruleset. ", + id: "efb7b8c949ac4650a09736fc376e9aee", }, expression: "true", description: "Execute Cloudflare Managed Ruleset on my zone ruleset", @@ -60,7 +60,7 @@ The following example deploys a [managed ruleset](/ruleset-engine/about/rulesets "version": "1", "action": "execute", "action_parameters": { - "id": "", + "id": "efb7b8c949ac4650a09736fc376e9aee", "version": "3" }, "expression": "true", @@ -79,6 +79,10 @@ The following example deploys a [managed ruleset](/ruleset-engine/about/rulesets } ``` +:::caution +This API request replaces any existing rules in the `http_request_firewall_managed` phase entry point ruleset with a single rule. +::: + ## Related resources For more examples of deploying rulesets, refer to the following pages: diff --git a/src/content/docs/ruleset-engine/basic-operations/view-rulesets.mdx b/src/content/docs/ruleset-engine/basic-operations/view-rulesets.mdx index f80b00b0ba403f1..a32ad80b5ba92e1 100644 --- a/src/content/docs/ruleset-engine/basic-operations/view-rulesets.mdx +++ b/src/content/docs/ruleset-engine/basic-operations/view-rulesets.mdx @@ -10,9 +10,9 @@ import { Details, APIRequest } from "~/components"; ## View available rulesets -You can list the available rulesets for a zone, account, or phase. +You can list the available rulesets for a zone or account. -
+### Example: View available rulesets at the zone level The response to the `GET` request will include the following rulesets: @@ -22,7 +22,7 @@ The response to the `GET` request will include the following rulesets: -```json output +```json output collapse={12-29} { "result": [ { @@ -59,9 +59,7 @@ The response to the `GET` request will include the following rulesets: } ``` -
- -
+### Example: View available rulesets at the account level The response will include the following rulesets: @@ -71,7 +69,7 @@ The response will include the following rulesets: -```json output +```json output collapse={12-38} { "result": [ { @@ -117,13 +115,11 @@ The response will include the following rulesets: } ``` -
- ## View the rules included in a ruleset You can view all versions of phase entry points (at the account and zone levels) and custom rulesets, but you can only view the most recent version of managed rulesets. -
+### Example: View rules in a phase entry point ruleset at the zone level The following example lists the rules in version `2` of the `http_request_firewall_managed` phase entry point ruleset at the zone level. @@ -165,9 +161,7 @@ The following example lists the rules in version `2` of the `http_request_firewa } ``` -
- -
+### Example: View rules in a managed ruleset The following example lists the rules in version `2` of a managed ruleset (the most recent version of that ruleset). @@ -182,7 +176,7 @@ Each rule in a managed ruleset can have associated tags or categories, listed in }} /> -```json output +```json output collapse={26-36} { "result": { "id": "", @@ -229,8 +223,6 @@ Each rule in a managed ruleset can have associated tags or categories, listed in } ``` -
- ## Related resources For more information on the available API methods for viewing rulesets, refer to [List and view rulesets](/ruleset-engine/rulesets-api/view/). diff --git a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/deploy-cmr-wordpress-block.mdx b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/deploy-cmr-wordpress-block.mdx index 672cc207a682144..dd1351ae6302a47 100644 --- a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/deploy-cmr-wordpress-block.mdx +++ b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/deploy-cmr-wordpress-block.mdx @@ -8,20 +8,20 @@ head: content: Use tag overrides to set WordPress rules to Block --- -import { Details, APIRequest } from "~/components"; +import { Details, APIRequest, Render } from "~/components"; Follow the steps below to create a rule that executes a managed ruleset and defines an override for rules with a specific tag. 1. [Add a rule](/ruleset-engine/basic-operations/deploy-rulesets/) to a phase entry point ruleset that executes a managed ruleset. 2. [Configure a tag override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) that sets a specified action for all rules with a given tag. -The example below uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to perform the two steps in a single `PUT` request. +## Zone-level example + +This example uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to perform the following two steps in a single `PUT` request: - Set the list of rules in the `http_request_firewall_managed` phase entry point ruleset to a single rule that executes the [Cloudflare Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/). - Override rules with the `wordpress` tag to set the action to `block`. All other rules use the default action provided by the ruleset issuer. -
- -
+## Account-level example + +This example uses the [Update an account entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to perform the following two steps in a single `PUT` request: -
+- Set the list of rules in the `http_request_firewall_managed` phase entry point ruleset to a single rule that executes the [Cloudflare Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) for the zone `example.com`. +- Override rules with the `wordpress` tag to set the action to `block`. All other rules use the default action provided by the ruleset issuer. + + - -
diff --git a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/enable-selected-rules.mdx b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/enable-selected-rules.mdx index c7e1aeef62e8632..9191a7011dd61be 100644 --- a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/enable-selected-rules.mdx +++ b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/enable-selected-rules.mdx @@ -8,7 +8,7 @@ head: content: Use rulesets and rule overrides to only enable selected rules --- -import { Details, APIRequest } from "~/components"; +import { Details, APIRequest, Render } from "~/components"; Use a ruleset override and a rule override in a phase entry point ruleset to execute only selected rules in a managed ruleset. @@ -16,7 +16,7 @@ Use a ruleset override and a rule override in a phase entry point ruleset to exe 2. [Configure a ruleset override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) that disables all rules in the managed ruleset. 3. [Configure a rule override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) to set an action for the rules you want to execute. -
+## Zone-level example The following `PUT` request uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to define a configuration that executes only two rules from a managed ruleset in the `http_request_firewall_managed` phase. @@ -60,9 +60,7 @@ In this example: }} /> -
- -
+## Account-level example The following `PUT` request uses the [Update an account entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to define a configuration that executes only two rules from a managed ruleset in the `http_request_firewall_managed` phase. @@ -72,6 +70,8 @@ In this example: - `"enabled": false` defines an override at the ruleset level to disable all rules in the managed ruleset. - `"rules": [{"id": "", "action": "block", "enabled": true}, {"id": "", "action": "log", "enabled": true}]` defines a list of overrides at the rule level to enable two individual rules. + + - -
diff --git a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ddos-rule-sensitivity.mdx b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ddos-rule-sensitivity.mdx index 52f5bffecd4e5ae..b770446b2deacad 100644 --- a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ddos-rule-sensitivity.mdx +++ b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ddos-rule-sensitivity.mdx @@ -12,13 +12,13 @@ Follow the steps below to override the sensitivity of a specific rule of the Clo 1. [Add a rule](/ruleset-engine/basic-operations/deploy-rulesets/) to a phase to deploy the Cloudflare HTTP DDoS Attack Protection managed ruleset. You only need to deploy this specific ruleset when you wish to define one or more overrides, since it is enabled by default. 2. [Configure a rule override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) that sets the `sensitivity_level` of a specific rule. +## Example + The following example uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to execute the two steps in a single `PUT` request. - Set the rules in the `ddos_l7` phase entry point ruleset to a single rule that executes the Cloudflare HTTP DDoS Attack Protection managed ruleset (with ID ``). - Create an override for the rule with ID `` and set the rule sensitivity to `low`. All other rules use the default sensitivity defined by Cloudflare. -
- - -
diff --git a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ruleset-tag-rule.mdx b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ruleset-tag-rule.mdx index a7d93075fcbbc8a..5adea39934af78e 100644 --- a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ruleset-tag-rule.mdx +++ b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/override-ruleset-tag-rule.mdx @@ -5,7 +5,7 @@ sidebar: order: 5 --- -import { Details, APIRequest } from "~/components"; +import { Details, APIRequest, Render } from "~/components"; Customize the execution of managed rulesets with a combination of ruleset overrides, tag overrides, and rule overrides in your phase entry point ruleset. @@ -14,14 +14,14 @@ Customize the execution of managed rulesets with a combination of ruleset overri 3. [Configure a tag override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) that sets an action for rules with a given tag. 4. [Configure a rule override](/ruleset-engine/managed-rulesets/override-managed-ruleset/) that sets an action for the rules you want to execute. -The request below uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to execute the following in a single `PUT` request: +## Zone-level example + +This example uses the [Update a zone entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to execute the following in a single `PUT` request: - Add a rule to the `http_request_firewall_managed` phase entry point ruleset that executes a managed ruleset. - Use category overrides to enable rules with `wordpress` and `drupal` tags and set their actions to `log`. - Add a rule override that enables a single rule. -
- In this example: - `"id": ""` defines the managed ruleset to execute for requests addressed to a zone (`$ZONE_ID`). @@ -70,9 +70,13 @@ In this example: }} /> -
+## Account-level example -
+This example uses the [Update an account entry point ruleset](/ruleset-engine/rulesets-api/update/) operation to execute the following in a single `PUT` request: + +- Add a rule to the `http_request_firewall_managed` phase entry point ruleset that executes a managed ruleset for the zone `example.com`. +- Use category overrides to enable rules with `wordpress` and `drupal` tags and set their actions to `log`. +- Add a rule override that enables a single rule. In this example: @@ -81,6 +85,8 @@ In this example: - `"categories": [{"category": "wordpress", "action": "log", "enabled": true}, {"category": "drupal", "action": "log", "enabled": true}]` defines an override at the tag level to enable rules tagged with `wordpress` or `drupal` and sets their action to `log`. - `"rules": [{"id": "", "action": "block", "enabled": true}]` defines an override at the rule level that enables one individual rule and sets the action to `block`. + + - -
diff --git a/src/content/docs/ruleset-engine/rules-language/actions.mdx b/src/content/docs/ruleset-engine/rules-language/actions.mdx index 60228376c2dc850..4cae7c00c46dfb2 100644 --- a/src/content/docs/ruleset-engine/rules-language/actions.mdx +++ b/src/content/docs/ruleset-engine/rules-language/actions.mdx @@ -92,6 +92,9 @@ The available actions depend on the [phase](/ruleset-engine/about/phases/) where

Matching requests are denied access to the site.

+

Depending on the Cloudflare product performing the block action, the HTTP status code can be 403 (most security features) or 429 (for example, rate limiting rules).

+

Customers on paid plans can customize the HTML error page displayed to website visitors due to the block action. Refer to Error Pages for more information.

+

Customers in Pro plans and above can customize the response (HTML, JSON, XML, or plain text) and the response status code for each custom rule or rate limiting rule that triggers a block action.

Yes @@ -265,7 +268,7 @@ The available actions depend on the [phase](/ruleset-engine/about/phases/) where No - + Set Cache Settings

@@ -277,7 +280,7 @@ The available actions depend on the [phase](/ruleset-engine/about/phases/) where Cache Rules allows you to customize cache settings on Cloudflare.

- Only available for Cache Rules, in the http_request_cache_settings phase. + Only available for Cache Rules, in the http_request_cache_settings phase.

In the Cloudflare dashboard, this action is not listed in action selection dropdowns. To use this action, create a cache rule. @@ -285,6 +288,46 @@ The available actions depend on the [phase](/ruleset-engine/about/phases/) where No + + + Serve Error
+
+ API value:
+ serve_error + + +

+ Serves error content to the website visitor, according to the custom error rule configuration. +

+

+ Only available for Custom Error Rules, in the http_custom_errors phase. +

+

+ In the Cloudflare dashboard, this action is not listed in action selection dropdowns. To use this action, create a custom error rule. +

+ + Yes + + + + Log custom field
+
+ API value:
+ log_custom_field + + +

+ Configures custom fields for Logpush jobs in a zone. +

+

+ Only available for custom fields, in the http_log_custom_fields phase. +

+

+ In the Cloudflare dashboard, this action is not listed in action selection dropdowns. To use this action, configure custom log fields for Logpush jobs. +

+ + Yes + diff --git a/src/content/docs/ruleset-engine/rules-language/operators.mdx b/src/content/docs/ruleset-engine/rules-language/operators.mdx index f4dfae71bce10cf..5ab14d8b8de7cde 100644 --- a/src/content/docs/ruleset-engine/rules-language/operators.mdx +++ b/src/content/docs/ruleset-engine/rules-language/operators.mdx @@ -221,7 +221,7 @@ String comparison in rule expressions is case-sensitive. To account for possible lower(http.request.uri.path) contains "/wp-login.php" ``` -Wildcard matching is only supported with the `wildcard` and `strict wildcard` operators, and regular expression matching is only supported with the `matches` operator. +[Wildcard matching](#wildcard-matching) is only supported with the `wildcard` and `strict wildcard` operators, and [regular expression matching](#regular-expression-matching) is only supported with the `matches` operator. ### Wildcard matching @@ -262,6 +262,8 @@ http.request.full_uri wildcard "*.example.com/*/page.html" # - https://sub.example.com/a/ ('page.html' is missing) ``` +Slashes (`/`) have no special meaning in wildcard matches. In this example, the second `*` metacharacter in the expression `http.request.full_uri wildcard "*.example.com/*/page.html"` matched `folder`, `team`, and `team/subteam`. +
diff --git a/src/content/docs/ruleset-engine/rulesets-api/json-object.mdx b/src/content/docs/ruleset-engine/rulesets-api/json-object.mdx index 8190115b6a85e6b..c92d73e8afc2fff 100644 --- a/src/content/docs/ruleset-engine/rulesets-api/json-object.mdx +++ b/src/content/docs/ruleset-engine/rulesets-api/json-object.mdx @@ -39,33 +39,27 @@ A fully populated ruleset object has the following JSON structure. The ruleset object has the following properties: - `id` - - A 32-character UUIDv4 string that represents the unique Cloudflare-generated identifier for a given version of a ruleset. - Unique, read-only. - `name` - - A human-readable name for the ruleset. - The name is immutable. You cannot change the name over the lifetime of the ruleset. - `description` - - Optional description for the ruleset. - You can change the description over the lifetime of the ruleset. - `kind` - - The kind of ruleset the JSON object represents. - One of `root`, `zone`, `managed`, `custom`. - `kind` is immutable. - `version` - - The version of the ruleset. - Read-only value starting at `1` and incremented by `1` each time the ruleset is modified. - `rules` - - A list of rules to include in the ruleset. Refer to [Rule object structure and properties](/ruleset-engine/rulesets-api/json-object/#rule-object-structure-and-properties) for details. - `last_updated` @@ -80,10 +74,15 @@ A fully populated rule JSON object has the following structure: { "id": "fdb0dd271f3f40b19679cc5d91396024", "version": "2", + "ref": "", + "description": "", "action": "block", - "categories": ["wordpress"], + "action_parameters": [ + // action parameters vary according to the action + ], + "categories": ["", ""], "expression": "cf.zone.name eq \"example.com\"", - "last_updated": "2022-07-20T10:44:29.124515Z", + "last_updated": "2025-07-20T10:44:29.124515Z", "enabled": true } ``` @@ -91,33 +90,38 @@ A fully populated rule JSON object has the following structure: The JSON object properties for a rule are defined as follows: - `id` - - A 32-character UUIDv4 string that represents the unique Cloudflare-generated identifier for a given version of a rule. - Unique, read-only. - `version` - - The version of the rule. - Read-only value starting at `1` and incremented by `1` each time the rule is modified. - Changing the order of a rule in a ruleset does not change its version. -- `action` +- `ref` + - A user-defined external identifier that must be unique for each rule in a ruleset. + - Use this field in your Terraform configuration to prevent Terraform from recreating the rule on changes. Refer to [How to keep the same rule ID between modifications](/terraform/troubleshooting/rule-id-changes/#how-to-keep-the-same-rule-id-between-modifications) for more information. + +- `description` + - A descriptive name of the rule. +- `action` - Defines what happens when there is a match for the rule expression. - - The available actions depend on the [phase](/ruleset-engine/about/phases/) where the rule's ruleset is executed. + - The available [actions](/ruleset-engine/rules-language/actions/) depend on the [phase](/ruleset-engine/about/phases/) where the rule's ruleset is executed. -- `categories` +- `action_parameters` + - One or more parameters configuring the rule action. + - The exact properties vary according to the action. Refer to each Cloudflare product's API instructions for more information. +- `categories` - Tags associated with the current rule. You can define overrides that affect rules with a given tag. - Read-only. Only available in [WAF Managed Rules](/waf/managed-rules/) and [DDoS managed rulesets](/ddos-protection/managed-rulesets/). - `expression` - - Criteria defining when there is a match for the current rule. - The fields and functions you can use in a rule expression depend on the phase where the rule's ruleset is executed. - `last_updated` - - The time (UTC) when the rule was last updated in ISO 8601 format: `YYYY-MM-DDThh:mm:ss.TZD`. - Read-only. diff --git a/src/content/fields/index.yaml b/src/content/fields/index.yaml index 5a04fe6ff4467fc..35082f002928aa0 100644 --- a/src/content/fields/index.yaml +++ b/src/content/fields/index.yaml @@ -1958,6 +1958,8 @@ entries: categories: [Response] keywords: [response] summary: The HTTP status code returned to the client, either set by a Cloudflare product or returned by the origin server. + description: |- + **Note**: The availability of HTTP response fields depends on the exact Cloudflare feature and your Cloudflare plan. example_value: |- 403 @@ -1972,6 +1974,8 @@ entries: - **Decoding**: No decoding performed - **Whitespace**: Preserved - **Non-ASCII**: Preserved + + **Note**: The availability of HTTP response fields depends on the exact Cloudflare feature and your Cloudflare plan. example_value: |- {"server": ["nginx"]} example_block: |- @@ -1992,6 +1996,8 @@ entries: - **Decoding**: No decoding performed - **Whitespace**: Preserved - **Non-ASCII**: Preserved + + **Note**: The availability of HTTP response fields depends on the exact Cloudflare feature and your Cloudflare plan. example_value: |- ["content-type"] example_block: |- @@ -2012,6 +2018,8 @@ entries: - **Decoding**: No decoding performed - **Whitespace**: Preserved - **Non-ASCII**: Preserved + + **Note**: The availability of HTTP response fields depends on the exact Cloudflare feature and your Cloudflare plan. example_value: |- Example 1: ["application/json"] Example 2: ["This header value is longer than 10 bytes"] @@ -2041,6 +2049,7 @@ entries: | `text/HTML` | `"text/html"` | | `text/html; charset=utf-8; other=value` | `"text/html"` | + **Note**: The availability of HTTP response fields depends on the exact Cloudflare feature and your Cloudflare plan. - name: cf.response.1xxx_code data_type: Integer categories: [Response] diff --git a/src/content/partials/ruleset-engine/deploy-account-ruleset-requirement.mdx b/src/content/partials/ruleset-engine/deploy-account-ruleset-requirement.mdx new file mode 100644 index 000000000000000..8d2fff9efbd783d --- /dev/null +++ b/src/content/partials/ruleset-engine/deploy-account-ruleset-requirement.mdx @@ -0,0 +1,7 @@ +--- +{} +--- + +:::note +At the account level, the rule expression of an `execute` rule must end with `and cf.zone.plan eq "ENT"` so that it only applies to zones on an Enterprise plan. +:::