Viewing docs for Cloudflare v4.16.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for Cloudflare v4.16.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Import
Import an account scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example account/<account_id>/<ruleset_id>
Import a zone scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example zone/<zone_id>/<ruleset_id>
Example Usage
Example coming soon!
Example coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.Ruleset;
import com.pulumi.cloudflare.RulesetArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.description("example magic transit ruleset description")
.kind("root")
.name("account magic transit")
.phase("magic_transit")
.rules(RulesetRuleArgs.builder()
.action("allow")
.description("Allow TCP Ephemeral Ports")
.expression("tcp.dstport in { 32768..65535 }")
.build())
.build());
var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
.description("managed WAF ruleset description")
.kind("zone")
.name("managed WAF")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
.description("managed WAF with tag-based overrides ruleset description")
.kind("zone")
.name("managed WAF with tag-based overrides")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.categories(
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("block")
.category("wordpress")
.status("enabled")
.build(),
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("block")
.category("joomla")
.status("enabled")
.build())
.build())
.build())
.description("overrides to only enable wordpress rules to block")
.enabled(false)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
.description("change the URI path to a new static path")
.kind("zone")
.name("transform rule for URI path")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.path(RulesetRuleActionParametersUriPathArgs.builder()
.value("/my-new-route")
.build())
.build())
.build())
.description("example URI path transform rule")
.enabled(true)
.expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
.description("change the URI query to a new static query")
.kind("zone")
.name("transform rule for URI query parameter")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.value("old=new_again")
.build())
.build())
.build())
.description("URI transformation query example")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
.description("modify HTTP headers before reaching origin")
.kind("zone")
.name("transform rule for HTTP headers")
.phase("http_request_late_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.headers(
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-1")
.operation("set")
.value("my-http-header-value-1")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.expression("cf.zone.name")
.name("example-http-header-2")
.operation("set")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-3-to-remove")
.operation("remove")
.build())
.build())
.description("example request header transform rule")
.enabled(false)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
.description("apply HTTP rate limiting for a route")
.kind("zone")
.name("restrict API requests count")
.phase("http_ratelimit")
.rules(RulesetRuleArgs.builder()
.action("block")
.description("rate limit for API")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics(
"cf.colo.id",
"ip.src")
.mitigationTimeout(600)
.period(60)
.requestsPerPeriod(100)
.build())
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
.description("Change origin for a route")
.kind("zone")
.name("Change to some origin")
.phase("http_request_origin")
.rules(RulesetRuleArgs.builder()
.action("route")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.hostHeader("some.host")
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("some.host")
.port(80)
.build())
.build())
.description("change origin to some.host")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
.description("add custom fields to logging")
.kind("zone")
.name("log custom fields")
.phase("http_log_custom_fields")
.rules(RulesetRuleArgs.builder()
.action("log_custom_field")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.cookieFields(
"__ga",
"accountNumber",
"__cfruid")
.requestFields(
"content-type",
"x-forwarded-for",
"host")
.responseFields(
"server",
"content-type",
"allow")
.build())
.description("log custom fields rule")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
.description("set cache settings for the request")
.kind("zone")
.name("set cache settings")
.phase("http_request_cache_settings")
.rules(RulesetRuleArgs.builder()
.action("set_cache_settings")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("respect_origin")
.build())
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.cacheDeceptionArmor(true)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.checkPresence(
"cabc_t",
"cdef_t")
.include(
"cabc",
"cdef")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.checkPresence(
"habc_t",
"hdef_t")
.excludeOrigin(true)
.include(
"habc",
"hdef")
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(true)
.build())
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.exclude("*")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(true)
.geo(false)
.build())
.build())
.ignoreQueryStringsOrder(false)
.build())
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.default_(60)
.mode("override_origin")
.statusCodeTtl(
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build())
.originErrorPagePassthru(false)
.respectStrongEtags(true)
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(true)
.build())
.build())
.description("set cache settings rule")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.description("Redirect ruleset")
.kind("root")
.name("redirects")
.phase("http_request_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.key("http.request.full_uri")
.name("redirect_list")
.build())
.build())
.description("Apply redirects from redirect_list")
.enabled(true)
.expression("http.request.full_uri in $redirect_list")
.build())
.build());
var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
.description("Redirect ruleset")
.kind("root")
.name("redirects")
.phase("http_request_dynamic_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.preserveQueryString(true)
.statusCode(301)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.value("some_host.com")
.build())
.build())
.build())
.description("Apply redirect from value")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
.description("Serve some error response")
.kind("zone")
.name("Serve some error response")
.phase("http_custom_errors")
.rules(RulesetRuleArgs.builder()
.action("serve_error")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.content("some error html")
.contentType("text/html")
.statusCode("530")
.build())
.description("serve some error response")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
.description("set config rules for request")
.kind("zone")
.name("set config rules")
.phase("http_config_settings")
.rules(RulesetRuleArgs.builder()
.action("set_config")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.bic(true)
.emailObfuscation(true)
.build())
.description("set config rules for matching request")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
}
}
Example coming soon!
Example coming soon!
resources:
# Magic Transit
magicTransitExample:
type: cloudflare:Ruleset
properties:
accountId: f037e56e89293a057740de681ac9abbe
description: example magic transit ruleset description
kind: root
name: account magic transit
phase: magic_transit
rules:
- action: allow
description: Allow TCP Ephemeral Ports
expression: tcp.dstport in { 32768..65535 }
# Zone-level WAF Managed Ruleset
zoneLevelManagedWaf:
type: cloudflare:Ruleset
properties:
description: managed WAF ruleset description
kind: zone
name: managed WAF
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
description: Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset
enabled: true
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Zone-level WAF with tag-based overrides
zoneLevelManagedWafWithCategoryBasedOverrides:
type: cloudflare:Ruleset
properties:
description: managed WAF with tag-based overrides ruleset description
kind: zone
name: managed WAF with tag-based overrides
phase: http_request_firewall_managed
rules:
- action: execute
actionParameters:
id: efb7b8c949ac4650a09736fc376e9aee
overrides:
categories:
- action: block
category: wordpress
status: enabled
- action: block
category: joomla
status: enabled
description: overrides to only enable wordpress rules to block
enabled: false
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Rewrite the URI path component to a static path
transformUriRulePath:
type: cloudflare:Ruleset
properties:
description: change the URI path to a new static path
kind: zone
name: transform rule for URI path
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
path:
value: /my-new-route
description: example URI path transform rule
enabled: true
expression: (http.host eq "example.com" and http.request.uri.path eq "/old-path")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Rewrite the URI query component to a static query
transformUriRuleQuery:
type: cloudflare:Ruleset
properties:
description: change the URI query to a new static query
kind: zone
name: transform rule for URI query parameter
phase: http_request_transform
rules:
- action: rewrite
actionParameters:
uri:
query:
value: old=new_again
description: URI transformation query example
enabled: true
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Rewrite HTTP headers to a modified values
transformUriHttpHeaders:
type: cloudflare:Ruleset
properties:
description: modify HTTP headers before reaching origin
kind: zone
name: transform rule for HTTP headers
phase: http_request_late_transform
rules:
- action: rewrite
actionParameters:
headers:
- name: example-http-header-1
operation: set
value: my-http-header-value-1
- expression: cf.zone.name
name: example-http-header-2
operation: set
- name: example-http-header-3-to-remove
operation: remove
description: example request header transform rule
enabled: false
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# HTTP rate limit for an API route
rateLimitingExample:
type: cloudflare:Ruleset
properties:
description: apply HTTP rate limiting for a route
kind: zone
name: restrict API requests count
phase: http_ratelimit
rules:
- action: block
description: rate limit for API
enabled: true
expression: (http.request.uri.path matches "^/api/")
ratelimit:
characteristics:
- cf.colo.id
- ip.src
mitigationTimeout: 600
period: 60
requestsPerPeriod: 100
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Change origin for an API route
httpOriginExample:
type: cloudflare:Ruleset
properties:
description: Change origin for a route
kind: zone
name: Change to some origin
phase: http_request_origin
rules:
- action: route
actionParameters:
hostHeader: some.host
origin:
host: some.host
port: 80
description: change origin to some.host
enabled: true
expression: (http.request.uri.path matches "^/api/")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Custom fields logging
customFieldsLoggingExample:
type: cloudflare:Ruleset
properties:
description: add custom fields to logging
kind: zone
name: log custom fields
phase: http_log_custom_fields
rules:
- action: log_custom_field
actionParameters:
cookieFields:
- __ga
- accountNumber
- __cfruid
requestFields:
- content-type
- x-forwarded-for
- host
responseFields:
- server
- content-type
- allow
description: log custom fields rule
enabled: true
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Custom cache keys + settings
cacheSettingsExample:
type: cloudflare:Ruleset
properties:
description: set cache settings for the request
kind: zone
name: set cache settings
phase: http_request_cache_settings
rules:
- action: set_cache_settings
actionParameters:
browserTtl:
mode: respect_origin
cacheKey:
cacheDeceptionArmor: true
customKey:
cookie:
checkPresence:
- cabc_t
- cdef_t
include:
- cabc
- cdef
header:
checkPresence:
- habc_t
- hdef_t
excludeOrigin: true
include:
- habc
- hdef
host:
resolved: true
queryString:
exclude:
- '*'
user:
deviceType: true
geo: false
ignoreQueryStringsOrder: false
edgeTtl:
default: 60
mode: override_origin
statusCodeTtl:
- statusCode: 200
value: 50
- statusCodeRange:
- from: 201
to: 300
value: 30
originErrorPagePassthru: false
respectStrongEtags: true
serveStale:
disableStaleWhileUpdating: true
description: set cache settings rule
enabled: true
expression: (http.host eq "example.host.com")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Redirects based on a List resource
redirectFromListExample:
type: cloudflare:Ruleset
properties:
accountId: f037e56e89293a057740de681ac9abbe
description: Redirect ruleset
kind: root
name: redirects
phase: http_request_redirect
rules:
- action: redirect
actionParameters:
fromList:
key: http.request.full_uri
name: redirect_list
description: Apply redirects from redirect_list
enabled: true
expression: http.request.full_uri in $redirect_list
# Dynamic Redirects from value resource
redirectFromValueExample:
type: cloudflare:Ruleset
properties:
description: Redirect ruleset
kind: root
name: redirects
phase: http_request_dynamic_redirect
rules:
- action: redirect
actionParameters:
fromValue:
preserveQueryString: true
statusCode: 301
targetUrl:
value: some_host.com
description: Apply redirect from value
enabled: true
expression: (http.request.uri.path matches "^/api/")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Serve some custom error response
httpCustomErrorExample:
type: cloudflare:Ruleset
properties:
description: Serve some error response
kind: zone
name: Serve some error response
phase: http_custom_errors
rules:
- action: serve_error
actionParameters:
content: some error html
contentType: text/html
statusCode: '530'
description: serve some error response
enabled: true
expression: (http.request.uri.path matches "^/api/")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
# Set Configuration Rules for an API route
httpConfigRulesExample:
type: cloudflare:Ruleset
properties:
description: set config rules for request
kind: zone
name: set config rules
phase: http_config_settings
rules:
- action: set_config
actionParameters:
bic: true
emailObfuscation: true
description: set config rules for matching request
enabled: true
expression: (http.request.uri.path matches "^/api/")
zoneId: 0da42c8d2132a9ddaf714f9e7c920711
Create Ruleset Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Ruleset(name: string, args: RulesetArgs, opts?: CustomResourceOptions);@overload
def Ruleset(resource_name: str,
args: RulesetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Ruleset(resource_name: str,
opts: Optional[ResourceOptions] = None,
kind: Optional[str] = None,
name: Optional[str] = None,
phase: Optional[str] = None,
account_id: Optional[str] = None,
description: Optional[str] = None,
rules: Optional[Sequence[RulesetRuleArgs]] = None,
shareable_entitlement_name: Optional[str] = None,
zone_id: Optional[str] = None)func NewRuleset(ctx *Context, name string, args RulesetArgs, opts ...ResourceOption) (*Ruleset, error)public Ruleset(string name, RulesetArgs args, CustomResourceOptions? opts = null)
public Ruleset(String name, RulesetArgs args)
public Ruleset(String name, RulesetArgs args, CustomResourceOptions options)
type: cloudflare:Ruleset
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RulesetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var rulesetResource = new Cloudflare.Ruleset("rulesetResource", new()
{
Kind = "string",
Name = "string",
Phase = "string",
AccountId = "string",
Description = "string",
Rules = new[]
{
new Cloudflare.Inputs.RulesetRuleArgs
{
Expression = "string",
Action = "string",
ActionParameters = new Cloudflare.Inputs.RulesetRuleActionParametersArgs
{
AutomaticHttpsRewrites = false,
Autominifies = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersAutominifyArgs
{
Css = false,
Html = false,
Js = false,
},
},
Bic = false,
BrowserTtl = new Cloudflare.Inputs.RulesetRuleActionParametersBrowserTtlArgs
{
Mode = "string",
Default = 0,
},
Cache = false,
CacheKey = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyArgs
{
CacheByDeviceType = false,
CacheDeceptionArmor = false,
CustomKey = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs
{
Cookie = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs
{
CheckPresences = new[]
{
"string",
},
Includes = new[]
{
"string",
},
},
Header = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs
{
CheckPresences = new[]
{
"string",
},
ExcludeOrigin = false,
Includes = new[]
{
"string",
},
},
Host = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs
{
Resolved = false,
},
QueryString = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs
{
Excludes = new[]
{
"string",
},
Includes = new[]
{
"string",
},
},
User = new Cloudflare.Inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs
{
DeviceType = false,
Geo = false,
Lang = false,
},
},
IgnoreQueryStringsOrder = false,
},
Content = "string",
ContentType = "string",
CookieFields = new[]
{
"string",
},
DisableApps = false,
DisableRailgun = false,
DisableZaraz = false,
EdgeTtl = new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlArgs
{
Mode = "string",
Default = 0,
StatusCodeTtls = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs
{
Value = 0,
StatusCode = 0,
StatusCodeRanges = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs
{
From = 0,
To = 0,
},
},
},
},
},
EmailObfuscation = false,
FromList = new Cloudflare.Inputs.RulesetRuleActionParametersFromListArgs
{
Key = "string",
Name = "string",
},
FromValue = new Cloudflare.Inputs.RulesetRuleActionParametersFromValueArgs
{
PreserveQueryString = false,
StatusCode = 0,
TargetUrl = new Cloudflare.Inputs.RulesetRuleActionParametersFromValueTargetUrlArgs
{
Expression = "string",
Value = "string",
},
},
Headers = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersHeaderArgs
{
Expression = "string",
Name = "string",
Operation = "string",
Value = "string",
},
},
HostHeader = "string",
HotlinkProtection = false,
Id = "string",
Increment = 0,
MatchedData = new Cloudflare.Inputs.RulesetRuleActionParametersMatchedDataArgs
{
PublicKey = "string",
},
Mirage = false,
OpportunisticEncryption = false,
Origin = new Cloudflare.Inputs.RulesetRuleActionParametersOriginArgs
{
Host = "string",
Port = 0,
},
OriginErrorPagePassthru = false,
Overrides = new Cloudflare.Inputs.RulesetRuleActionParametersOverridesArgs
{
Action = "string",
Categories = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersOverridesCategoryArgs
{
Action = "string",
Category = "string",
Status = "string",
},
},
Rules = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersOverridesRuleArgs
{
Action = "string",
Id = "string",
ScoreThreshold = 0,
SensitivityLevel = "string",
Status = "string",
},
},
SensitivityLevel = "string",
Status = "string",
},
Phases = new[]
{
"string",
},
Polish = "string",
Products = new[]
{
"string",
},
RequestFields = new[]
{
"string",
},
RespectStrongEtags = false,
ResponseFields = new[]
{
"string",
},
Responses = new[]
{
new Cloudflare.Inputs.RulesetRuleActionParametersResponseArgs
{
Content = "string",
ContentType = "string",
StatusCode = 0,
},
},
RocketLoader = false,
Rules =
{
{ "string", "string" },
},
Ruleset = "string",
Rulesets = new[]
{
"string",
},
SecurityLevel = "string",
ServeStale = new Cloudflare.Inputs.RulesetRuleActionParametersServeStaleArgs
{
DisableStaleWhileUpdating = false,
},
ServerSideExcludes = false,
Sni = new Cloudflare.Inputs.RulesetRuleActionParametersSniArgs
{
Value = "string",
},
Ssl = "string",
StatusCode = 0,
Sxg = false,
Uri = new Cloudflare.Inputs.RulesetRuleActionParametersUriArgs
{
Origin = false,
Path = new Cloudflare.Inputs.RulesetRuleActionParametersUriPathArgs
{
Expression = "string",
Value = "string",
},
Query = new Cloudflare.Inputs.RulesetRuleActionParametersUriQueryArgs
{
Expression = "string",
Value = "string",
},
},
Version = "string",
},
Description = "string",
Enabled = false,
ExposedCredentialCheck = new Cloudflare.Inputs.RulesetRuleExposedCredentialCheckArgs
{
PasswordExpression = "string",
UsernameExpression = "string",
},
Id = "string",
LastUpdated = "string",
Logging = new Cloudflare.Inputs.RulesetRuleLoggingArgs
{
Status = "string",
},
Ratelimit = new Cloudflare.Inputs.RulesetRuleRatelimitArgs
{
Characteristics = new[]
{
"string",
},
CountingExpression = "string",
MitigationTimeout = 0,
Period = 0,
RequestsPerPeriod = 0,
RequestsToOrigin = false,
ScorePerPeriod = 0,
ScoreResponseHeaderName = "string",
},
Ref = "string",
Version = "string",
},
},
ShareableEntitlementName = "string",
ZoneId = "string",
});
example, err := cloudflare.NewRuleset(ctx, "rulesetResource", &cloudflare.RulesetArgs{
Kind: pulumi.String("string"),
Name: pulumi.String("string"),
Phase: pulumi.String("string"),
AccountId: pulumi.String("string"),
Description: pulumi.String("string"),
Rules: cloudflare.RulesetRuleArray{
&cloudflare.RulesetRuleArgs{
Expression: pulumi.String("string"),
Action: pulumi.String("string"),
ActionParameters: &cloudflare.RulesetRuleActionParametersArgs{
AutomaticHttpsRewrites: pulumi.Bool(false),
Autominifies: cloudflare.RulesetRuleActionParametersAutominifyArray{
&cloudflare.RulesetRuleActionParametersAutominifyArgs{
Css: pulumi.Bool(false),
Html: pulumi.Bool(false),
Js: pulumi.Bool(false),
},
},
Bic: pulumi.Bool(false),
BrowserTtl: &cloudflare.RulesetRuleActionParametersBrowserTtlArgs{
Mode: pulumi.String("string"),
Default: pulumi.Int(0),
},
Cache: pulumi.Bool(false),
CacheKey: &cloudflare.RulesetRuleActionParametersCacheKeyArgs{
CacheByDeviceType: pulumi.Bool(false),
CacheDeceptionArmor: pulumi.Bool(false),
CustomKey: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyArgs{
Cookie: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs{
CheckPresences: pulumi.StringArray{
pulumi.String("string"),
},
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
Header: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs{
CheckPresences: pulumi.StringArray{
pulumi.String("string"),
},
ExcludeOrigin: pulumi.Bool(false),
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
Host: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs{
Resolved: pulumi.Bool(false),
},
QueryString: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs{
Excludes: pulumi.StringArray{
pulumi.String("string"),
},
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
User: &cloudflare.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs{
DeviceType: pulumi.Bool(false),
Geo: pulumi.Bool(false),
Lang: pulumi.Bool(false),
},
},
IgnoreQueryStringsOrder: pulumi.Bool(false),
},
Content: pulumi.String("string"),
ContentType: pulumi.String("string"),
CookieFields: pulumi.StringArray{
pulumi.String("string"),
},
DisableApps: pulumi.Bool(false),
DisableRailgun: pulumi.Bool(false),
DisableZaraz: pulumi.Bool(false),
EdgeTtl: &cloudflare.RulesetRuleActionParametersEdgeTtlArgs{
Mode: pulumi.String("string"),
Default: pulumi.Int(0),
StatusCodeTtls: cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArray{
&cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs{
Value: pulumi.Int(0),
StatusCode: pulumi.Int(0),
StatusCodeRanges: cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArray{
&cloudflare.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs{
From: pulumi.Int(0),
To: pulumi.Int(0),
},
},
},
},
},
EmailObfuscation: pulumi.Bool(false),
FromList: &cloudflare.RulesetRuleActionParametersFromListArgs{
Key: pulumi.String("string"),
Name: pulumi.String("string"),
},
FromValue: &cloudflare.RulesetRuleActionParametersFromValueArgs{
PreserveQueryString: pulumi.Bool(false),
StatusCode: pulumi.Int(0),
TargetUrl: &cloudflare.RulesetRuleActionParametersFromValueTargetUrlArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Headers: cloudflare.RulesetRuleActionParametersHeaderArray{
&cloudflare.RulesetRuleActionParametersHeaderArgs{
Expression: pulumi.String("string"),
Name: pulumi.String("string"),
Operation: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
HostHeader: pulumi.String("string"),
HotlinkProtection: pulumi.Bool(false),
Id: pulumi.String("string"),
Increment: pulumi.Int(0),
MatchedData: &cloudflare.RulesetRuleActionParametersMatchedDataArgs{
PublicKey: pulumi.String("string"),
},
Mirage: pulumi.Bool(false),
OpportunisticEncryption: pulumi.Bool(false),
Origin: &cloudflare.RulesetRuleActionParametersOriginArgs{
Host: pulumi.String("string"),
Port: pulumi.Int(0),
},
OriginErrorPagePassthru: pulumi.Bool(false),
Overrides: &cloudflare.RulesetRuleActionParametersOverridesArgs{
Action: pulumi.String("string"),
Categories: cloudflare.RulesetRuleActionParametersOverridesCategoryArray{
&cloudflare.RulesetRuleActionParametersOverridesCategoryArgs{
Action: pulumi.String("string"),
Category: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
Rules: cloudflare.RulesetRuleActionParametersOverridesRuleArray{
&cloudflare.RulesetRuleActionParametersOverridesRuleArgs{
Action: pulumi.String("string"),
Id: pulumi.String("string"),
ScoreThreshold: pulumi.Int(0),
SensitivityLevel: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
SensitivityLevel: pulumi.String("string"),
Status: pulumi.String("string"),
},
Phases: pulumi.StringArray{
pulumi.String("string"),
},
Polish: pulumi.String("string"),
Products: pulumi.StringArray{
pulumi.String("string"),
},
RequestFields: pulumi.StringArray{
pulumi.String("string"),
},
RespectStrongEtags: pulumi.Bool(false),
ResponseFields: pulumi.StringArray{
pulumi.String("string"),
},
Responses: cloudflare.RulesetRuleActionParametersResponseArray{
&cloudflare.RulesetRuleActionParametersResponseArgs{
Content: pulumi.String("string"),
ContentType: pulumi.String("string"),
StatusCode: pulumi.Int(0),
},
},
RocketLoader: pulumi.Bool(false),
Rules: pulumi.StringMap{
"string": pulumi.String("string"),
},
Ruleset: pulumi.String("string"),
Rulesets: pulumi.StringArray{
pulumi.String("string"),
},
SecurityLevel: pulumi.String("string"),
ServeStale: &cloudflare.RulesetRuleActionParametersServeStaleArgs{
DisableStaleWhileUpdating: pulumi.Bool(false),
},
ServerSideExcludes: pulumi.Bool(false),
Sni: &cloudflare.RulesetRuleActionParametersSniArgs{
Value: pulumi.String("string"),
},
Ssl: pulumi.String("string"),
StatusCode: pulumi.Int(0),
Sxg: pulumi.Bool(false),
Uri: &cloudflare.RulesetRuleActionParametersUriArgs{
Origin: pulumi.Bool(false),
Path: &cloudflare.RulesetRuleActionParametersUriPathArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
Query: &cloudflare.RulesetRuleActionParametersUriQueryArgs{
Expression: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Version: pulumi.String("string"),
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExposedCredentialCheck: &cloudflare.RulesetRuleExposedCredentialCheckArgs{
PasswordExpression: pulumi.String("string"),
UsernameExpression: pulumi.String("string"),
},
Id: pulumi.String("string"),
LastUpdated: pulumi.String("string"),
Logging: &cloudflare.RulesetRuleLoggingArgs{
Status: pulumi.String("string"),
},
Ratelimit: &cloudflare.RulesetRuleRatelimitArgs{
Characteristics: pulumi.StringArray{
pulumi.String("string"),
},
CountingExpression: pulumi.String("string"),
MitigationTimeout: pulumi.Int(0),
Period: pulumi.Int(0),
RequestsPerPeriod: pulumi.Int(0),
RequestsToOrigin: pulumi.Bool(false),
ScorePerPeriod: pulumi.Int(0),
ScoreResponseHeaderName: pulumi.String("string"),
},
Ref: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
ShareableEntitlementName: pulumi.String("string"),
ZoneId: pulumi.String("string"),
})
var rulesetResource = new Ruleset("rulesetResource", RulesetArgs.builder()
.kind("string")
.name("string")
.phase("string")
.accountId("string")
.description("string")
.rules(RulesetRuleArgs.builder()
.expression("string")
.action("string")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.automaticHttpsRewrites(false)
.autominifies(RulesetRuleActionParametersAutominifyArgs.builder()
.css(false)
.html(false)
.js(false)
.build())
.bic(false)
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("string")
.default_(0)
.build())
.cache(false)
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.cacheByDeviceType(false)
.cacheDeceptionArmor(false)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.checkPresences("string")
.includes("string")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.checkPresences("string")
.excludeOrigin(false)
.includes("string")
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(false)
.build())
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.excludes("string")
.includes("string")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(false)
.geo(false)
.lang(false)
.build())
.build())
.ignoreQueryStringsOrder(false)
.build())
.content("string")
.contentType("string")
.cookieFields("string")
.disableApps(false)
.disableRailgun(false)
.disableZaraz(false)
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.mode("string")
.default_(0)
.statusCodeTtls(RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
.value(0)
.statusCode(0)
.statusCodeRanges(RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs.builder()
.from(0)
.to(0)
.build())
.build())
.build())
.emailObfuscation(false)
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.key("string")
.name("string")
.build())
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.preserveQueryString(false)
.statusCode(0)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.expression("string")
.value("string")
.build())
.build())
.headers(RulesetRuleActionParametersHeaderArgs.builder()
.expression("string")
.name("string")
.operation("string")
.value("string")
.build())
.hostHeader("string")
.hotlinkProtection(false)
.id("string")
.increment(0)
.matchedData(RulesetRuleActionParametersMatchedDataArgs.builder()
.publicKey("string")
.build())
.mirage(false)
.opportunisticEncryption(false)
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("string")
.port(0)
.build())
.originErrorPagePassthru(false)
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.action("string")
.categories(RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("string")
.category("string")
.status("string")
.build())
.rules(RulesetRuleActionParametersOverridesRuleArgs.builder()
.action("string")
.id("string")
.scoreThreshold(0)
.sensitivityLevel("string")
.status("string")
.build())
.sensitivityLevel("string")
.status("string")
.build())
.phases("string")
.polish("string")
.products("string")
.requestFields("string")
.respectStrongEtags(false)
.responseFields("string")
.responses(RulesetRuleActionParametersResponseArgs.builder()
.content("string")
.contentType("string")
.statusCode(0)
.build())
.rocketLoader(false)
.rules(Map.of("string", "string"))
.ruleset("string")
.rulesets("string")
.securityLevel("string")
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(false)
.build())
.serverSideExcludes(false)
.sni(RulesetRuleActionParametersSniArgs.builder()
.value("string")
.build())
.ssl("string")
.statusCode(0)
.sxg(false)
.uri(RulesetRuleActionParametersUriArgs.builder()
.origin(false)
.path(RulesetRuleActionParametersUriPathArgs.builder()
.expression("string")
.value("string")
.build())
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.expression("string")
.value("string")
.build())
.build())
.version("string")
.build())
.description("string")
.enabled(false)
.exposedCredentialCheck(RulesetRuleExposedCredentialCheckArgs.builder()
.passwordExpression("string")
.usernameExpression("string")
.build())
.id("string")
.lastUpdated("string")
.logging(RulesetRuleLoggingArgs.builder()
.status("string")
.build())
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics("string")
.countingExpression("string")
.mitigationTimeout(0)
.period(0)
.requestsPerPeriod(0)
.requestsToOrigin(false)
.scorePerPeriod(0)
.scoreResponseHeaderName("string")
.build())
.ref("string")
.version("string")
.build())
.shareableEntitlementName("string")
.zoneId("string")
.build());
ruleset_resource = cloudflare.Ruleset("rulesetResource",
kind="string",
name="string",
phase="string",
account_id="string",
description="string",
rules=[{
"expression": "string",
"action": "string",
"action_parameters": {
"automatic_https_rewrites": False,
"autominifies": [{
"css": False,
"html": False,
"js": False,
}],
"bic": False,
"browser_ttl": {
"mode": "string",
"default": 0,
},
"cache": False,
"cache_key": {
"cache_by_device_type": False,
"cache_deception_armor": False,
"custom_key": {
"cookie": {
"check_presences": ["string"],
"includes": ["string"],
},
"header": {
"check_presences": ["string"],
"exclude_origin": False,
"includes": ["string"],
},
"host": {
"resolved": False,
},
"query_string": {
"excludes": ["string"],
"includes": ["string"],
},
"user": {
"device_type": False,
"geo": False,
"lang": False,
},
},
"ignore_query_strings_order": False,
},
"content": "string",
"content_type": "string",
"cookie_fields": ["string"],
"disable_apps": False,
"disable_railgun": False,
"disable_zaraz": False,
"edge_ttl": {
"mode": "string",
"default": 0,
"status_code_ttls": [{
"value": 0,
"status_code": 0,
"status_code_ranges": [{
"from_": 0,
"to": 0,
}],
}],
},
"email_obfuscation": False,
"from_list": {
"key": "string",
"name": "string",
},
"from_value": {
"preserve_query_string": False,
"status_code": 0,
"target_url": {
"expression": "string",
"value": "string",
},
},
"headers": [{
"expression": "string",
"name": "string",
"operation": "string",
"value": "string",
}],
"host_header": "string",
"hotlink_protection": False,
"id": "string",
"increment": 0,
"matched_data": {
"public_key": "string",
},
"mirage": False,
"opportunistic_encryption": False,
"origin": {
"host": "string",
"port": 0,
},
"origin_error_page_passthru": False,
"overrides": {
"action": "string",
"categories": [{
"action": "string",
"category": "string",
"status": "string",
}],
"rules": [{
"action": "string",
"id": "string",
"score_threshold": 0,
"sensitivity_level": "string",
"status": "string",
}],
"sensitivity_level": "string",
"status": "string",
},
"phases": ["string"],
"polish": "string",
"products": ["string"],
"request_fields": ["string"],
"respect_strong_etags": False,
"response_fields": ["string"],
"responses": [{
"content": "string",
"content_type": "string",
"status_code": 0,
}],
"rocket_loader": False,
"rules": {
"string": "string",
},
"ruleset": "string",
"rulesets": ["string"],
"security_level": "string",
"serve_stale": {
"disable_stale_while_updating": False,
},
"server_side_excludes": False,
"sni": {
"value": "string",
},
"ssl": "string",
"status_code": 0,
"sxg": False,
"uri": {
"origin": False,
"path": {
"expression": "string",
"value": "string",
},
"query": {
"expression": "string",
"value": "string",
},
},
"version": "string",
},
"description": "string",
"enabled": False,
"exposed_credential_check": {
"password_expression": "string",
"username_expression": "string",
},
"id": "string",
"last_updated": "string",
"logging": {
"status": "string",
},
"ratelimit": {
"characteristics": ["string"],
"counting_expression": "string",
"mitigation_timeout": 0,
"period": 0,
"requests_per_period": 0,
"requests_to_origin": False,
"score_per_period": 0,
"score_response_header_name": "string",
},
"ref": "string",
"version": "string",
}],
shareable_entitlement_name="string",
zone_id="string")
const rulesetResource = new cloudflare.Ruleset("rulesetResource", {
kind: "string",
name: "string",
phase: "string",
accountId: "string",
description: "string",
rules: [{
expression: "string",
action: "string",
actionParameters: {
automaticHttpsRewrites: false,
autominifies: [{
css: false,
html: false,
js: false,
}],
bic: false,
browserTtl: {
mode: "string",
"default": 0,
},
cache: false,
cacheKey: {
cacheByDeviceType: false,
cacheDeceptionArmor: false,
customKey: {
cookie: {
checkPresences: ["string"],
includes: ["string"],
},
header: {
checkPresences: ["string"],
excludeOrigin: false,
includes: ["string"],
},
host: {
resolved: false,
},
queryString: {
excludes: ["string"],
includes: ["string"],
},
user: {
deviceType: false,
geo: false,
lang: false,
},
},
ignoreQueryStringsOrder: false,
},
content: "string",
contentType: "string",
cookieFields: ["string"],
disableApps: false,
disableRailgun: false,
disableZaraz: false,
edgeTtl: {
mode: "string",
"default": 0,
statusCodeTtls: [{
value: 0,
statusCode: 0,
statusCodeRanges: [{
from: 0,
to: 0,
}],
}],
},
emailObfuscation: false,
fromList: {
key: "string",
name: "string",
},
fromValue: {
preserveQueryString: false,
statusCode: 0,
targetUrl: {
expression: "string",
value: "string",
},
},
headers: [{
expression: "string",
name: "string",
operation: "string",
value: "string",
}],
hostHeader: "string",
hotlinkProtection: false,
id: "string",
increment: 0,
matchedData: {
publicKey: "string",
},
mirage: false,
opportunisticEncryption: false,
origin: {
host: "string",
port: 0,
},
originErrorPagePassthru: false,
overrides: {
action: "string",
categories: [{
action: "string",
category: "string",
status: "string",
}],
rules: [{
action: "string",
id: "string",
scoreThreshold: 0,
sensitivityLevel: "string",
status: "string",
}],
sensitivityLevel: "string",
status: "string",
},
phases: ["string"],
polish: "string",
products: ["string"],
requestFields: ["string"],
respectStrongEtags: false,
responseFields: ["string"],
responses: [{
content: "string",
contentType: "string",
statusCode: 0,
}],
rocketLoader: false,
rules: {
string: "string",
},
ruleset: "string",
rulesets: ["string"],
securityLevel: "string",
serveStale: {
disableStaleWhileUpdating: false,
},
serverSideExcludes: false,
sni: {
value: "string",
},
ssl: "string",
statusCode: 0,
sxg: false,
uri: {
origin: false,
path: {
expression: "string",
value: "string",
},
query: {
expression: "string",
value: "string",
},
},
version: "string",
},
description: "string",
enabled: false,
exposedCredentialCheck: {
passwordExpression: "string",
usernameExpression: "string",
},
id: "string",
lastUpdated: "string",
logging: {
status: "string",
},
ratelimit: {
characteristics: ["string"],
countingExpression: "string",
mitigationTimeout: 0,
period: 0,
requestsPerPeriod: 0,
requestsToOrigin: false,
scorePerPeriod: 0,
scoreResponseHeaderName: "string",
},
ref: "string",
version: "string",
}],
shareableEntitlementName: "string",
zoneId: "string",
});
type: cloudflare:Ruleset
properties:
accountId: string
description: string
kind: string
name: string
phase: string
rules:
- action: string
actionParameters:
automaticHttpsRewrites: false
autominifies:
- css: false
html: false
js: false
bic: false
browserTtl:
default: 0
mode: string
cache: false
cacheKey:
cacheByDeviceType: false
cacheDeceptionArmor: false
customKey:
cookie:
checkPresences:
- string
includes:
- string
header:
checkPresences:
- string
excludeOrigin: false
includes:
- string
host:
resolved: false
queryString:
excludes:
- string
includes:
- string
user:
deviceType: false
geo: false
lang: false
ignoreQueryStringsOrder: false
content: string
contentType: string
cookieFields:
- string
disableApps: false
disableRailgun: false
disableZaraz: false
edgeTtl:
default: 0
mode: string
statusCodeTtls:
- statusCode: 0
statusCodeRanges:
- from: 0
to: 0
value: 0
emailObfuscation: false
fromList:
key: string
name: string
fromValue:
preserveQueryString: false
statusCode: 0
targetUrl:
expression: string
value: string
headers:
- expression: string
name: string
operation: string
value: string
hostHeader: string
hotlinkProtection: false
id: string
increment: 0
matchedData:
publicKey: string
mirage: false
opportunisticEncryption: false
origin:
host: string
port: 0
originErrorPagePassthru: false
overrides:
action: string
categories:
- action: string
category: string
status: string
rules:
- action: string
id: string
scoreThreshold: 0
sensitivityLevel: string
status: string
sensitivityLevel: string
status: string
phases:
- string
polish: string
products:
- string
requestFields:
- string
respectStrongEtags: false
responseFields:
- string
responses:
- content: string
contentType: string
statusCode: 0
rocketLoader: false
rules:
string: string
ruleset: string
rulesets:
- string
securityLevel: string
serveStale:
disableStaleWhileUpdating: false
serverSideExcludes: false
sni:
value: string
ssl: string
statusCode: 0
sxg: false
uri:
origin: false
path:
expression: string
value: string
query:
expression: string
value: string
version: string
description: string
enabled: false
exposedCredentialCheck:
passwordExpression: string
usernameExpression: string
expression: string
id: string
lastUpdated: string
logging:
status: string
ratelimit:
characteristics:
- string
countingExpression: string
mitigationTimeout: 0
period: 0
requestsPerPeriod: 0
requestsToOrigin: false
scorePerPeriod: 0
scoreResponseHeaderName: string
ref: string
version: string
shareableEntitlementName: string
zoneId: string
Ruleset Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Ruleset resource accepts the following input properties:
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Description string
- Brief summary of the ruleset and its intended use.
- Rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Description string
- Brief summary of the ruleset and its intended use.
- Rules
[]Ruleset
Rule Args - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - description String
- Brief summary of the ruleset and its intended use.
- rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- String
- Name of entitlement that is shareable between entities.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
- kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - description string
- Brief summary of the ruleset and its intended use.
- rules
Ruleset
Rule[] - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- kind str
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name str
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase str
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. - description str
- Brief summary of the ruleset and its intended use.
- rules
Sequence[Ruleset
Rule Args] - List of rules to apply to the ruleset.
- str
- Name of entitlement that is shareable between entities.
- zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - description String
- Brief summary of the ruleset and its intended use.
- rules List<Property Map>
- List of rules to apply to the ruleset.
- String
- Name of entitlement that is shareable between entities.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
Outputs
All input properties are implicitly available as output properties. Additionally, the Ruleset resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Ruleset Resource
Get an existing Ruleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RulesetState, opts?: CustomResourceOptions): Ruleset@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
description: Optional[str] = None,
kind: Optional[str] = None,
name: Optional[str] = None,
phase: Optional[str] = None,
rules: Optional[Sequence[RulesetRuleArgs]] = None,
shareable_entitlement_name: Optional[str] = None,
zone_id: Optional[str] = None) -> Rulesetfunc GetRuleset(ctx *Context, name string, id IDInput, state *RulesetState, opts ...ResourceOption) (*Ruleset, error)public static Ruleset Get(string name, Input<string> id, RulesetState? state, CustomResourceOptions? opts = null)public static Ruleset get(String name, Output<String> id, RulesetState state, CustomResourceOptions options)resources: _: type: cloudflare:Ruleset get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Description string
- Brief summary of the ruleset and its intended use.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - Rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- Account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - Description string
- Brief summary of the ruleset and its intended use.
- Kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - Rules
[]Ruleset
Rule Args - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- Zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - description String
- Brief summary of the ruleset and its intended use.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - rules
List<Ruleset
Rule> - List of rules to apply to the ruleset.
- String
- Name of entitlement that is shareable between entities.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id string - The account identifier to target for the resource. Conflicts with
zone_id. - description string
- Brief summary of the ruleset and its intended use.
- kind string
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase string
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - rules
Ruleset
Rule[] - List of rules to apply to the ruleset.
- string
- Name of entitlement that is shareable between entities.
- zone
Id string - The zone identifier to target for the resource. Conflicts with
account_id.
- account_
id str - The account identifier to target for the resource. Conflicts with
zone_id. - description str
- Brief summary of the ruleset and its intended use.
- kind str
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name str
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase str
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - rules
Sequence[Ruleset
Rule Args] - List of rules to apply to the ruleset.
- str
- Name of entitlement that is shareable between entities.
- zone_
id str - The zone identifier to target for the resource. Conflicts with
account_id.
- account
Id String - The account identifier to target for the resource. Conflicts with
zone_id. - description String
- Brief summary of the ruleset and its intended use.
- kind String
- Type of Ruleset to create. Available values:
custom,managed,root,schema,zone. - name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- phase String
- Point in the request/response lifecycle where the ruleset will be created. Available values:
ddos_l4,ddos_l7,http_custom_errors,http_log_custom_fields,http_request_cache_settings,http_request_firewall_custom,http_request_firewall_managed,http_request_late_transform,http_request_late_transform_managed,http_request_main,http_request_origin,http_request_dynamic_redirect,http_request_redirect,http_request_sanitize,http_request_transform,http_response_firewall_managed,http_response_headers_transform,http_response_headers_transform_managed,magic_transit,http_ratelimit,http_request_sbfm,http_config_settings. - rules List<Property Map>
- List of rules to apply to the ruleset.
- String
- Name of entitlement that is shareable between entities.
- zone
Id String - The zone identifier to target for the resource. Conflicts with
account_id.
Supporting Types
RulesetRule, RulesetRuleArgs
- Expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - Action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- Description string
- Brief summary of the ruleset rule and its intended use.
- Enabled bool
- Whether the rule is active.
- Exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- Id string
- Unique rule identifier.
- Last
Updated string - The most recent update to this rule.
- Logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs.
- Ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- Ref string
- Rule reference.
- Version string
- Version of the ruleset to deploy.
- Expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - Action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- Description string
- Brief summary of the ruleset rule and its intended use.
- Enabled bool
- Whether the rule is active.
- Exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- Id string
- Unique rule identifier.
- Last
Updated string - The most recent update to this rule.
- Logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs.
- Ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- Ref string
- Rule reference.
- Version string
- Version of the ruleset to deploy.
- expression String
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description String
- Brief summary of the ruleset rule and its intended use.
- enabled Boolean
- Whether the rule is active.
- exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id String
- Unique rule identifier.
- last
Updated String - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref String
- Rule reference.
- version String
- Version of the ruleset to deploy.
- expression string
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - action
Parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description string
- Brief summary of the ruleset rule and its intended use.
- enabled boolean
- Whether the rule is active.
- exposed
Credential RulesetCheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id string
- Unique rule identifier.
- last
Updated string - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref string
- Rule reference.
- version string
- Version of the ruleset to deploy.
- expression str
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action str
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - action_
parameters RulesetRule Action Parameters - List of parameters that configure the behavior of the ruleset rule action.
- description str
- Brief summary of the ruleset rule and its intended use.
- enabled bool
- Whether the rule is active.
- exposed_
credential_ Rulesetcheck Rule Exposed Credential Check - List of parameters that configure exposed credential checks.
- id str
- Unique rule identifier.
- last_
updated str - The most recent update to this rule.
- logging
Ruleset
Rule Logging - List parameters to configure how the rule generates logs.
- ratelimit
Ruleset
Rule Ratelimit - List of parameters that configure HTTP rate limiting behaviour.
- ref str
- Rule reference.
- version str
- Version of the ruleset to deploy.
- expression String
- Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the Firewall Rules language documentation for all available fields, operators, and functions.
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - action
Parameters Property Map - List of parameters that configure the behavior of the ruleset rule action.
- description String
- Brief summary of the ruleset rule and its intended use.
- enabled Boolean
- Whether the rule is active.
- exposed
Credential Property MapCheck - List of parameters that configure exposed credential checks.
- id String
- Unique rule identifier.
- last
Updated String - The most recent update to this rule.
- logging Property Map
- List parameters to configure how the rule generates logs.
- ratelimit Property Map
- List of parameters that configure HTTP rate limiting behaviour.
- ref String
- Rule reference.
- version String
- Version of the ruleset to deploy.
RulesetRuleActionParameters, RulesetRuleActionParametersArgs
- Automatic
Https boolRewrites - Autominifies
List<Ruleset
Rule Action Parameters Autominify> - Bic bool
- Browser
Ttl RulesetRule Action Parameters Browser Ttl - Cache bool
- Cache
Key RulesetRule Action Parameters Cache Key - Content string
- Content
Type string - List<string>
- Disable
Apps bool - Disable
Railgun bool - Disable
Zaraz bool - Edge
Ttl RulesetRule Action Parameters Edge Ttl - Email
Obfuscation bool - From
List RulesetRule Action Parameters From List - From
Value RulesetRule Action Parameters From Value - Headers
List<Ruleset
Rule Action Parameters Header> - Host
Header string - Hotlink
Protection bool - Id string
- The ID of this resource.
- Increment int
- Matched
Data RulesetRule Action Parameters Matched Data - Mirage bool
- Opportunistic
Encryption bool - Origin
Ruleset
Rule Action Parameters Origin - Origin
Error boolPage Passthru - Overrides
Ruleset
Rule Action Parameters Overrides - Phases List<string>
- Polish string
- Products List<string>
- Request
Fields List<string> - bool
- Response
Fields List<string> - Responses
List<Ruleset
Rule Action Parameters Response> - Rocket
Loader bool - Rules Dictionary<string, string>
- List of rules to apply to the ruleset.
- Ruleset string
- Rulesets List<string>
- Security
Level string - Serve
Stale RulesetRule Action Parameters Serve Stale - Server
Side boolExcludes - Sni
Ruleset
Rule Action Parameters Sni - Ssl string
- Status
Code int - Sxg bool
- Uri
Ruleset
Rule Action Parameters Uri - Version string
- Automatic
Https boolRewrites - Autominifies
[]Ruleset
Rule Action Parameters Autominify - Bic bool
- Browser
Ttl RulesetRule Action Parameters Browser Ttl - Cache bool
- Cache
Key RulesetRule Action Parameters Cache Key - Content string
- Content
Type string - []string
- Disable
Apps bool - Disable
Railgun bool - Disable
Zaraz bool - Edge
Ttl RulesetRule Action Parameters Edge Ttl - Email
Obfuscation bool - From
List RulesetRule Action Parameters From List - From
Value RulesetRule Action Parameters From Value - Headers
[]Ruleset
Rule Action Parameters Header - Host
Header string - Hotlink
Protection bool - Id string
- The ID of this resource.
- Increment int
- Matched
Data RulesetRule Action Parameters Matched Data - Mirage bool
- Opportunistic
Encryption bool - Origin
Ruleset
Rule Action Parameters Origin - Origin
Error boolPage Passthru - Overrides
Ruleset
Rule Action Parameters Overrides - Phases []string
- Polish string
- Products []string
- Request
Fields []string - bool
- Response
Fields []string - Responses
[]Ruleset
Rule Action Parameters Response - Rocket
Loader bool - Rules map[string]string
- List of rules to apply to the ruleset.
- Ruleset string
- Rulesets []string
- Security
Level string - Serve
Stale RulesetRule Action Parameters Serve Stale - Server
Side boolExcludes - Sni
Ruleset
Rule Action Parameters Sni - Ssl string
- Status
Code int - Sxg bool
- Uri
Ruleset
Rule Action Parameters Uri - Version string
- automatic
Https BooleanRewrites - autominifies
List<Ruleset
Rule Action Parameters Autominify> - bic Boolean
- browser
Ttl RulesetRule Action Parameters Browser Ttl - cache Boolean
- cache
Key RulesetRule Action Parameters Cache Key - content String
- content
Type String - List<String>
- disable
Apps Boolean - disable
Railgun Boolean - disable
Zaraz Boolean - edge
Ttl RulesetRule Action Parameters Edge Ttl - email
Obfuscation Boolean - from
List RulesetRule Action Parameters From List - from
Value RulesetRule Action Parameters From Value - headers
List<Ruleset
Rule Action Parameters Header> - host
Header String - hotlink
Protection Boolean - id String
- The ID of this resource.
- increment Integer
- matched
Data RulesetRule Action Parameters Matched Data - mirage Boolean
- opportunistic
Encryption Boolean - origin
Ruleset
Rule Action Parameters Origin - origin
Error BooleanPage Passthru - overrides
Ruleset
Rule Action Parameters Overrides - phases List<String>
- polish String
- products List<String>
- request
Fields List<String> - Boolean
- response
Fields List<String> - responses
List<Ruleset
Rule Action Parameters Response> - rocket
Loader Boolean - rules Map<String,String>
- List of rules to apply to the ruleset.
- ruleset String
- rulesets List<String>
- security
Level String - serve
Stale RulesetRule Action Parameters Serve Stale - server
Side BooleanExcludes - sni
Ruleset
Rule Action Parameters Sni - ssl String
- status
Code Integer - sxg Boolean
- uri
Ruleset
Rule Action Parameters Uri - version String
- automatic
Https booleanRewrites - autominifies
Ruleset
Rule Action Parameters Autominify[] - bic boolean
- browser
Ttl RulesetRule Action Parameters Browser Ttl - cache boolean
- cache
Key RulesetRule Action Parameters Cache Key - content string
- content
Type string - string[]
- disable
Apps boolean - disable
Railgun boolean - disable
Zaraz boolean - edge
Ttl RulesetRule Action Parameters Edge Ttl - email
Obfuscation boolean - from
List RulesetRule Action Parameters From List - from
Value RulesetRule Action Parameters From Value - headers
Ruleset
Rule Action Parameters Header[] - host
Header string - hotlink
Protection boolean - id string
- The ID of this resource.
- increment number
- matched
Data RulesetRule Action Parameters Matched Data - mirage boolean
- opportunistic
Encryption boolean - origin
Ruleset
Rule Action Parameters Origin - origin
Error booleanPage Passthru - overrides
Ruleset
Rule Action Parameters Overrides - phases string[]
- polish string
- products string[]
- request
Fields string[] - boolean
- response
Fields string[] - responses
Ruleset
Rule Action Parameters Response[] - rocket
Loader boolean - rules {[key: string]: string}
- List of rules to apply to the ruleset.
- ruleset string
- rulesets string[]
- security
Level string - serve
Stale RulesetRule Action Parameters Serve Stale - server
Side booleanExcludes - sni
Ruleset
Rule Action Parameters Sni - ssl string
- status
Code number - sxg boolean
- uri
Ruleset
Rule Action Parameters Uri - version string
- automatic_
https_ boolrewrites - autominifies
Sequence[Ruleset
Rule Action Parameters Autominify] - bic bool
- browser_
ttl RulesetRule Action Parameters Browser Ttl - cache bool
- cache_
key RulesetRule Action Parameters Cache Key - content str
- content_
type str - Sequence[str]
- disable_
apps bool - disable_
railgun bool - disable_
zaraz bool - edge_
ttl RulesetRule Action Parameters Edge Ttl - email_
obfuscation bool - from_
list RulesetRule Action Parameters From List - from_
value RulesetRule Action Parameters From Value - headers
Sequence[Ruleset
Rule Action Parameters Header] - host_
header str - hotlink_
protection bool - id str
- The ID of this resource.
- increment int
- matched_
data RulesetRule Action Parameters Matched Data - mirage bool
- opportunistic_
encryption bool - origin
Ruleset
Rule Action Parameters Origin - origin_
error_ boolpage_ passthru - overrides
Ruleset
Rule Action Parameters Overrides - phases Sequence[str]
- polish str
- products Sequence[str]
- request_
fields Sequence[str] - bool
- response_
fields Sequence[str] - responses
Sequence[Ruleset
Rule Action Parameters Response] - rocket_
loader bool - rules Mapping[str, str]
- List of rules to apply to the ruleset.
- ruleset str
- rulesets Sequence[str]
- security_
level str - serve_
stale RulesetRule Action Parameters Serve Stale - server_
side_ boolexcludes - sni
Ruleset
Rule Action Parameters Sni - ssl str
- status_
code int - sxg bool
- uri
Ruleset
Rule Action Parameters Uri - version str
- automatic
Https BooleanRewrites - autominifies List<Property Map>
- bic Boolean
- browser
Ttl Property Map - cache Boolean
- cache
Key Property Map - content String
- content
Type String - List<String>
- disable
Apps Boolean - disable
Railgun Boolean - disable
Zaraz Boolean - edge
Ttl Property Map - email
Obfuscation Boolean - from
List Property Map - from
Value Property Map - headers List<Property Map>
- host
Header String - hotlink
Protection Boolean - id String
- The ID of this resource.
- increment Number
- matched
Data Property Map - mirage Boolean
- opportunistic
Encryption Boolean - origin Property Map
- origin
Error BooleanPage Passthru - overrides Property Map
- phases List<String>
- polish String
- products List<String>
- request
Fields List<String> - Boolean
- response
Fields List<String> - responses List<Property Map>
- rocket
Loader Boolean - rules Map<String>
- List of rules to apply to the ruleset.
- ruleset String
- rulesets List<String>
- security
Level String - serve
Stale Property Map - server
Side BooleanExcludes - sni Property Map
- ssl String
- status
Code Number - sxg Boolean
- uri Property Map
- version String
RulesetRuleActionParametersAutominify, RulesetRuleActionParametersAutominifyArgs
RulesetRuleActionParametersBrowserTtl, RulesetRuleActionParametersBrowserTtlArgs
RulesetRuleActionParametersCacheKey, RulesetRuleActionParametersCacheKeyArgs
- cache
By BooleanDevice Type - cache
Deception BooleanArmor - custom
Key Property Map - ignore
Query BooleanStrings Order
RulesetRuleActionParametersCacheKeyCustomKey, RulesetRuleActionParametersCacheKeyCustomKeyArgs
RulesetRuleActionParametersCacheKeyCustomKeyCookie, RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs
- Check
Presences List<string> - Includes List<string>
- Check
Presences []string - Includes []string
- check
Presences List<String> - includes List<String>
- check
Presences string[] - includes string[]
- check_
presences Sequence[str] - includes Sequence[str]
- check
Presences List<String> - includes List<String>
RulesetRuleActionParametersCacheKeyCustomKeyHeader, RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs
- Check
Presences List<string> - Exclude
Origin bool - Includes List<string>
- Check
Presences []string - Exclude
Origin bool - Includes []string
- check
Presences List<String> - exclude
Origin Boolean - includes List<String>
- check
Presences string[] - exclude
Origin boolean - includes string[]
- check_
presences Sequence[str] - exclude_
origin bool - includes Sequence[str]
- check
Presences List<String> - exclude
Origin Boolean - includes List<String>
RulesetRuleActionParametersCacheKeyCustomKeyHost, RulesetRuleActionParametersCacheKeyCustomKeyHostArgs
- Resolved bool
- Resolved bool
- resolved Boolean
- resolved boolean
- resolved bool
- resolved Boolean
RulesetRuleActionParametersCacheKeyCustomKeyQueryString, RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs
RulesetRuleActionParametersCacheKeyCustomKeyUser, RulesetRuleActionParametersCacheKeyCustomKeyUserArgs
- Device
Type bool - Geo bool
- Lang bool
- Device
Type bool - Geo bool
- Lang bool
- device
Type Boolean - geo Boolean
- lang Boolean
- device
Type boolean - geo boolean
- lang boolean
- device_
type bool - geo bool
- lang bool
- device
Type Boolean - geo Boolean
- lang Boolean
RulesetRuleActionParametersEdgeTtl, RulesetRuleActionParametersEdgeTtlArgs
- mode String
- default Number
- status
Code List<Property Map>Ttls
RulesetRuleActionParametersEdgeTtlStatusCodeTtl, RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs
- value Number
- status
Code Number - status
Code List<Property Map>Ranges
RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRange, RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRangeArgs
RulesetRuleActionParametersFromList, RulesetRuleActionParametersFromListArgs
RulesetRuleActionParametersFromValue, RulesetRuleActionParametersFromValueArgs
- preserve
Query BooleanString - status
Code Number - target
Url Property Map
RulesetRuleActionParametersFromValueTargetUrl, RulesetRuleActionParametersFromValueTargetUrlArgs
- Expression string
- Value string
- Expression string
- Value string
- expression String
- value String
- expression string
- value string
- expression str
- value str
- expression String
- value String
RulesetRuleActionParametersHeader, RulesetRuleActionParametersHeaderArgs
- Expression string
- Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Operation string
- Value string
- Expression string
- Name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- Operation string
- Value string
- expression String
- name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- operation String
- value String
- expression string
- name string
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- operation string
- value string
- expression str
- name str
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- operation str
- value str
- expression String
- name String
- Name of the ruleset. Modifying this attribute will force creation of a new resource.
- operation String
- value String
RulesetRuleActionParametersMatchedData, RulesetRuleActionParametersMatchedDataArgs
- Public
Key string
- Public
Key string
- public
Key String
- public
Key string
- public_
key str
- public
Key String
RulesetRuleActionParametersOrigin, RulesetRuleActionParametersOriginArgs
RulesetRuleActionParametersOverrides, RulesetRuleActionParametersOverridesArgs
- Action string
- Categories
List<Ruleset
Rule Action Parameters Overrides Category> - Enabled bool
- Rules
List<Ruleset
Rule Action Parameters Overrides Rule> - List of rules to apply to the ruleset.
- Sensitivity
Level string - Status string
- Action string
- Categories
[]Ruleset
Rule Action Parameters Overrides Category - Enabled bool
- Rules
[]Ruleset
Rule Action Parameters Overrides Rule - List of rules to apply to the ruleset.
- Sensitivity
Level string - Status string
- action String
- categories
List<Ruleset
Rule Action Parameters Overrides Category> - enabled Boolean
- rules
List<Ruleset
Rule Action Parameters Overrides Rule> - List of rules to apply to the ruleset.
- sensitivity
Level String - status String
- action string
- categories
Ruleset
Rule Action Parameters Overrides Category[] - enabled boolean
- rules
Ruleset
Rule Action Parameters Overrides Rule[] - List of rules to apply to the ruleset.
- sensitivity
Level string - status string
- action str
- categories
Sequence[Ruleset
Rule Action Parameters Overrides Category] - enabled bool
- rules
Sequence[Ruleset
Rule Action Parameters Overrides Rule] - List of rules to apply to the ruleset.
- sensitivity_
level str - status str
- action String
- categories List<Property Map>
- enabled Boolean
- rules List<Property Map>
- List of rules to apply to the ruleset.
- sensitivity
Level String - status String
RulesetRuleActionParametersOverridesCategory, RulesetRuleActionParametersOverridesCategoryArgs
RulesetRuleActionParametersOverridesRule, RulesetRuleActionParametersOverridesRuleArgs
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - Enabled bool
- Whether the rule is active.
- Id string
- Unique rule identifier.
- Score
Threshold int - Sensitivity
Level string - Status string
- Action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - Enabled bool
- Whether the rule is active.
- Id string
- Unique rule identifier.
- Score
Threshold int - Sensitivity
Level string - Status string
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - enabled Boolean
- Whether the rule is active.
- id String
- Unique rule identifier.
- score
Threshold Integer - sensitivity
Level String - status String
- action string
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - enabled boolean
- Whether the rule is active.
- id string
- Unique rule identifier.
- score
Threshold number - sensitivity
Level string - status string
- action str
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - enabled bool
- Whether the rule is active.
- id str
- Unique rule identifier.
- score_
threshold int - sensitivity_
level str - status str
- action String
- Action to perform in the ruleset rule. Available values:
block,challenge,ddos_dynamic,execute,force_connection_close,js_challenge,log,log_custom_field,managed_challenge,redirect,rewrite,route,score,set_cache_settings,set_config,serve_error,skip. - enabled Boolean
- Whether the rule is active.
- id String
- Unique rule identifier.
- score
Threshold Number - sensitivity
Level String - status String
RulesetRuleActionParametersResponse, RulesetRuleActionParametersResponseArgs
- Content string
- Content
Type string - Status
Code int
- Content string
- Content
Type string - Status
Code int
- content String
- content
Type String - status
Code Integer
- content string
- content
Type string - status
Code number
- content str
- content_
type str - status_
code int
- content String
- content
Type String - status
Code Number
RulesetRuleActionParametersServeStale, RulesetRuleActionParametersServeStaleArgs
- disable
Stale BooleanWhile Updating
- disable
Stale booleanWhile Updating
- disable
Stale BooleanWhile Updating
RulesetRuleActionParametersSni, RulesetRuleActionParametersSniArgs
- Value string
- Value string
- value String
- value string
- value str
- value String
RulesetRuleActionParametersUri, RulesetRuleActionParametersUriArgs
- origin Boolean
- path Property Map
- query Property Map
RulesetRuleActionParametersUriPath, RulesetRuleActionParametersUriPathArgs
- Expression string
- Value string
- Expression string
- Value string
- expression String
- value String
- expression string
- value string
- expression str
- value str
- expression String
- value String
RulesetRuleActionParametersUriQuery, RulesetRuleActionParametersUriQueryArgs
- Expression string
- Value string
- Expression string
- Value string
- expression String
- value String
- expression string
- value string
- expression str
- value str
- expression String
- value String
RulesetRuleExposedCredentialCheck, RulesetRuleExposedCredentialCheckArgs
- Password
Expression string - Username
Expression string
- Password
Expression string - Username
Expression string
- password
Expression String - username
Expression String
- password
Expression string - username
Expression string
- password
Expression String - username
Expression String
RulesetRuleLogging, RulesetRuleLoggingArgs
RulesetRuleRatelimit, RulesetRuleRatelimitArgs
- Characteristics List<string>
- Counting
Expression string - Mitigation
Timeout int - Period int
- Requests
Per intPeriod - Requests
To boolOrigin - Score
Per intPeriod - Score
Response stringHeader Name
- Characteristics []string
- Counting
Expression string - Mitigation
Timeout int - Period int
- Requests
Per intPeriod - Requests
To boolOrigin - Score
Per intPeriod - Score
Response stringHeader Name
- characteristics List<String>
- counting
Expression String - mitigation
Timeout Integer - period Integer
- requests
Per IntegerPeriod - requests
To BooleanOrigin - score
Per IntegerPeriod - score
Response StringHeader Name
- characteristics string[]
- counting
Expression string - mitigation
Timeout number - period number
- requests
Per numberPeriod - requests
To booleanOrigin - score
Per numberPeriod - score
Response stringHeader Name
- characteristics Sequence[str]
- counting_
expression str - mitigation_
timeout int - period int
- requests_
per_ intperiod - requests_
to_ boolorigin - score_
per_ intperiod - score_
response_ strheader_ name
- characteristics List<String>
- counting
Expression String - mitigation
Timeout Number - period Number
- requests
Per NumberPeriod - requests
To BooleanOrigin - score
Per NumberPeriod - score
Response StringHeader Name
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.
Viewing docs for Cloudflare v4.16.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
