Skip to content
Cloudflare Docs

Enable only selected rules

Use a ruleset override and a rule override in a phase entry point ruleset to execute only selected rules in a managed ruleset.

  1. Add a rule to a phase entry point ruleset that executes a managed ruleset.
  2. Configure a ruleset override that disables all rules in the managed ruleset.
  3. Configure a rule override to set an action for the rules you want to execute.

Example: Configure ruleset and rule overrides at the zone level

The following PUT request uses the Update a zone entry point ruleset operation to define a configuration that executes only two rules from a managed ruleset in the http_request_firewall_managed phase.

In this example:

  • "id": "<MANAGED_RULESET_ID>" defines the managed ruleset to execute for requests in the specified zone ($ZONE_ID).
  • "enabled": false defines an override at the ruleset level to disable all rules in the managed ruleset.
  • "rules": [{"id": "<RULE_ID_1>", "action": "block", "enabled": true}, {"id": "<RULE_ID_2>", "action": "log", "enabled": true}] defines a list of overrides at the rule level to enable two individual rules.

Required API token permissions

 At least one of the following token permissions is required:
  • Response Compression Write
  • Config Settings Write
  • Dynamic URL Redirects Write
  • Cache Settings Write
  • Custom Errors Write
  • Origin Write
  • Managed headers Write
  • Zone Transform Rules Write
  • Mass URL Redirects Write
  • Magic Firewall Write
  • L4 DDoS Managed Ruleset Write
  • HTTP DDoS Managed Ruleset Write
  • Sanitize Write
  • Transform Rules Write
  • Select Configuration Write
  • Bot Management Write
  • Zone WAF Write
  • Account WAF Write
  • Account Rulesets Write
  • Logs Write
  • Logs Write
Update a zone entry point ruleset
curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_managed/entrypoint" \
  --request PUT \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "rules": [
        {
            "action": "execute",
            "expression": "true",
            "action_parameters": {
                "id": "<MANAGED_RULESET_ID>",
                "overrides": {
                    "enabled": false,
                    "rules": [
                        {
                            "id": "<RULE_ID_1>",
                            "action": "block",
                            "enabled": true
                        },
                        {
                            "id": "<RULE_ID_2>",
                            "action": "log",
                            "enabled": true
                        }
                    ]
                }
            }
        }
    ]
  }'

Example: Configure ruleset and rule overrides at the account level

The following PUT request uses the Update an account entry point ruleset operation to define a configuration that executes only two rules from a managed ruleset in the http_request_firewall_managed phase.

In this example:

  • "id": "<MANAGED_RULESET_ID>" defines the managed ruleset to execute for requests addressed to example.com.
  • "enabled": false defines an override at the ruleset level to disable all rules in the managed ruleset.
  • "rules": [{"id": "<RULE_ID_1>", "action": "block", "enabled": true}, {"id": "<RULE_ID_2>", "action": "log", "enabled": true}] defines a list of overrides at the rule level to enable two individual rules.

Required API token permissions

 At least one of the following token permissions is required:
  • Mass URL Redirects Write
  • Magic Firewall Write
  • L4 DDoS Managed Ruleset Write
  • Transform Rules Write
  • Select Configuration Write
  • Account WAF Write
  • Account Rulesets Write
  • Logs Write
Update an account entry point ruleset
curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/rulesets/phases/http_request_firewall_managed/entrypoint" \
  --request PUT \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "rules": [
        {
            "action": "execute",
            "expression": "cf.zone.name eq \"example.com\" and cf.zone.plan eq \"ENT\"",
            "action_parameters": {
                "id": "<MANAGED_RULESET_ID>",
                "overrides": {
                    "enabled": false,
                    "rules": [
                        {
                            "id": "<RULE_ID_1>",
                            "action": "block",
                            "enabled": true
                        },
                        {
                            "id": "<RULE_ID_2>",
                            "action": "log",
                            "enabled": true
                        }
                    ]
                }
            }
        }
    ]
  }'