Cloudflare Docs
Rules
Cloudflare Docs
Rules
GitHub icon
Visit Rules on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. Rules
  3. Configuration Rules
  4. Create a rule via API

Create a Configuration Rule via API

Use the Rulesets API to create Configuration Rules via API.

When creating a Configuration Rule via API, make sure you:

  • Set the rule action to set_config.
  • Define the parameters in the action_parameters field according to the settings you wish to override for matching requests.
  • Deploy the rule to the http_config_settings phase at the zone level.

Follow this workflow to create a Configuration Rule for a given zone via API:

  1. Use the List existing rulesets method to check if there is already a ruleset for the http_config_settings phase at the zone level.

  2. If the phase ruleset does not exist, create it using the Create ruleset method with the zone-level endpoint. In the new ruleset properties, set the following values:

    • kind: zone
    • phase: http_config_settings

  3. Use the Update ruleset method to add a Configuration Rule to the list of ruleset rules (check the examples below). Alternatively, include the rule in the Create ruleset request mentioned in the previous step.

​​ Required API token permissions

The API token used in API requests to manage Configuration Rules must have at least the following permission:

  • Zone > Config Rules > Edit

​​ Examples

Example: Add a rule that enables Auto Minify for CSS files and enables Hotlink Protection

The following example sets the rules of an existing phase ruleset (<RULESET_ID>) to a single Configuration Rule — enabling Auto Minify for CSS files and Hotlink Protection for the assets.example.com hostname — using the Update ruleset method:

cURL example request
$ curl -X PUT \
"https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/rulesets/<RULESET_ID>" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
  "rules": [
    {
      "expression": "http.host eq \"assets.example.com\"",
      "description": "Minifies CSS files and enables Hotlink Protection for assets.example.com",
      "action": "set_config",
      "action_parameters": {
        "autominify": {
          "html": false,
          "css": true,
          "js": false
        },
        "hotlink_protection": true
      }
    }
  ]

}'
Example: Add a rule that enables Email Obfuscation and Browser Integrity Check

The following example sets the rules of an existing phase ruleset (<RULESET_ID>) to a single Configuration Rule — enabling Email Obfuscation and Browser Integrity Check for the contacts page — using the Update ruleset method:

cURL example request
$ curl -X PUT \
"https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/rulesets/<RULESET_ID>" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
  "rules": [
    {
      "expression": "starts_with(http.request.uri.path, \"/contact-us/\")",
      "description": "Obfuscates email addresses and enables BIC in contacts page",
      "action": "set_config",
      "action_parameters": {
        "email_obfuscation": true,
        "bic": true
      }
    }
  ]

}'
Example: Add a rule that sets the Security Level to High

The following example sets the rules of an existing phase ruleset (<RULESET_ID>) to a single Configuration Rule — changing the Security Level to High for the administration area — using the Update ruleset method:

cURL example request
$ curl -X PUT \
"https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/rulesets/<RULESET_ID>" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
  "rules": [
    {
      "expression": "http.host eq \"admin.example.com\"",
      "description": "Change Security Level for admin area",
      "action": "set_config",
      "action_parameters": {
        "security_level": "high"
      }
    }
  ]

}'