Cloudflare Docs
WAF
Cloudflare Docs
WAF
GitHub icon
Visit WAF on GitHub
Set theme to dark (⇧+D)
  1. Products
  2. WAF
  3. ...
  4. Create WAF exceptions
  5. Add an exception via API

Add a WAF exception via API

To add a WAF exception via API, create a rule with skip action in a phase entry point ruleset of the http_request_firewall_managed phase. You can define WAF exceptions at the account level and at the zone level.

To configure the WAF exception, define the action_parameters object according to the exception type.

Refer to Add rules to phase entry point rulesets for more information on adding rules using the Rulesets API.

​​ Skip all remaining rules

To skip all the remaining rules in the entry point ruleset, create a rule with skip action and include "ruleset": "current" in the action_parameters object.

Example of rule definition:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "ruleset": "current"
  }

}

Skipping all remaining rules only affects the rules in the current context (account or zone). For example, adding a rule with skip action to the account-level phase entry point ruleset has no impact on the rules defined in the zone-level phase entry point ruleset — these zone-level rules will still be evaluated.

​​ Skip one or more WAF managed rulesets

To skip one or more WAF managed rulesets, create a rule with skip action containing a rulesets field in the action_parameters object. The rulesets field must contain a list of managed ruleset IDs you wish to skip.

Example of rule definition:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "rulesets": ["{waf-managed-ruleset-id-1}", "{waf-managed-ruleset-id-2}"]
  }

}

The managed rulesets to skip must belong to the http_request_firewall_managed phase.

​​ Skip one or more rules of WAF managed rulesets

To skip one or more rules of WAF managed rulesets, create a rule with skip action containing a rules object in the action_parameters object. The rules object must contain one or more managed ruleset IDs as keys, and a list of rules to skip in those managed rulesets as the value of each key.

The following example defines a rule with skip action that will skip rules A and B of managed ruleset 1, and rule X of managed ruleset 2:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "rules": {
      "{waf-managed-ruleset-id-1}": ["{rule-id-A}", "{rule-id-B}"],
      "{waf-managed-ruleset-id-2}": ["{rule-id-X}"]
    }
  }

}

The rules in the rules object must belong to the specified managed rulesets, otherwise you will get an error.