Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.
references/waf/api.md
# API Reference

## SDK Setup

```typescript
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env.CF_API_TOKEN,
});
```

## Core Methods

```typescript
// List rulesets
await client.rulesets.list({ zone_id: 'zone_id', phase: 'http_request_firewall_managed' });

// Get ruleset
await client.rulesets.get({ zone_id: 'zone_id', ruleset_id: 'ruleset_id' });

// Create ruleset
await client.rulesets.create({
  zone_id: 'zone_id',
  kind: 'zone',
  phase: 'http_request_firewall_custom',
  name: 'Custom WAF Rules',
  rules: [{ action: 'block', expression: 'cf.waf.score gt 40', enabled: true }],
});

// Update ruleset (include rule id to keep existing, omit id for new rules)
await client.rulesets.update({
  zone_id: 'zone_id',
  ruleset_id: 'ruleset_id',
  rules: [
    { id: 'rule_id', action: 'block', expression: 'cf.waf.score gt 40', enabled: true },
    { action: 'challenge', expression: 'http.request.uri.path contains "/admin"', enabled: true },
  ],
});

// Delete ruleset
await client.rulesets.delete({ zone_id: 'zone_id', ruleset_id: 'ruleset_id' });
```

## Actions & Phases

### Actions by Phase

| Action | Custom | Managed | Rate Limit | Description |
|--------|--------|---------|------------|-------------|
| `block` | ✅ | ❌ | ✅ | Block request with 403 |
| `challenge` | ✅ | ❌ | ✅ | Show CAPTCHA challenge |
| `js_challenge` | ✅ | ❌ | ✅ | JS-based challenge |
| `managed_challenge` | ✅ | ❌ | ✅ | Smart challenge (recommended) |
| `log` | ✅ | ❌ | ✅ | Log only, don't block |
| `skip` | ✅ | ❌ | ❌ | Skip rule evaluation |
| `execute` | ❌ | ✅ | ❌ | Deploy managed ruleset |

### Phases (Execution Order)

1. `http_request_firewall_custom` - Custom rules (first line of defense)
2. `http_request_firewall_managed` - Managed rulesets (pre-configured protection)
3. `http_ratelimit` - Rate limiting (request throttling)
4. `http_request_sbfm` - Super Bot Fight Mode (Pro+ only)

## Expression Syntax

### Fields

```typescript
// Request properties
http.request.method       // GET, POST, etc.
http.request.uri.path     // /api/users
http.host                 // example.com

// IP and Geolocation
ip.src                    // 192.0.2.1
ip.geoip.country          // US, GB, etc.
ip.geoip.continent        // NA, EU, etc.

// Attack detection
cf.waf.score              // 0-100 attack score
cf.waf.score.sqli         // SQL injection score
cf.waf.score.xss          // XSS score

// Headers & Cookies
http.request.headers["authorization"][0]
http.request.cookies["session"][0]
lower(http.user_agent)    // Lowercase user agent
```

### Operators

```typescript
// Comparison
eq          // Equal
ne          // Not equal
lt          // Less than
le          // Less than or equal
gt          // Greater than
ge          // Greater than or equal

// String matching
contains    // Substring match
matches     // Regex match (use carefully)
starts_with // Prefix match
ends_with   // Suffix match

// List operations
in          // Value in list
not         // Logical NOT
and         // Logical AND
or          // Logical OR
```

### Expression Examples

```typescript
'cf.waf.score gt 40' // Attack score
'http.request.uri.path eq "/api/login" and http.request.method eq "POST"' // Path + method
'ip.src in {192.0.2.0/24 203.0.113.0/24}' // IP blocking
'ip.geoip.country in {"CN" "RU" "KP"}' // Country blocking
'http.user_agent contains "bot"' // User agent
'not http.request.headers["authorization"][0]' // Header check
'(cf.waf.score.sqli gt 20 or cf.waf.score.xss gt 20) and http.request.uri.path starts_with "/api"' // Complex
```

## Rate Limiting Configuration

```typescript
{
  action: 'block',
  expression: 'http.request.uri.path starts_with "/api"',
  action_parameters: {
    ratelimit: {
      // Characteristics define uniqueness: 'ip.src', 'cf.colo.id',
      // 'http.request.headers["key"][0]', 'http.request.cookies["session"][0]'
      characteristics: ['cf.colo.id', 'ip.src'], // Recommended: per-IP per-datacenter
      period: 60, // Time window in seconds
      requests_per_period: 100, // Max requests in period
      mitigation_timeout: 600, // Block duration in seconds
      counting_expression: 'http.request.method ne "GET"', // Optional: filter counted requests
      requests_to_origin: false, // Count all requests (not just origin hits)
    },
  },
  enabled: true,
}
```

## Managed Ruleset Deployment

```typescript
{
  action: 'execute',
  action_parameters: {
    id: 'efb7b8c949ac4650a09736fc376e9aee', // Cloudflare Managed
    overrides: {
      // Override specific rules
      rules: [
        { id: '5de7edfa648c4d6891dc3e7f84534ffa', action: 'log', enabled: true },
      ],
      // Override categories: 'wordpress', 'sqli', 'xss', 'rce', etc.
      categories: [
        { category: 'wordpress', enabled: false },
        { category: 'sqli', action: 'log' },
      ],
    },
  },
  expression: 'true',
  enabled: true,
}
```

## Skip Rules

Skip rules bypass subsequent rule evaluation. Two skip types:

**Skip current ruleset**: Skip remaining rules in current phase only
```typescript
{
  action: 'skip',
  action_parameters: {
    ruleset: 'current', // Skip rest of current ruleset
  },
  expression: 'http.request.uri.path ends_with ".jpg" or http.request.uri.path ends_with ".css"',
  enabled: true,
}
```

**Skip entire phases**: Skip one or more phases completely
```typescript
{
  action: 'skip',
  action_parameters: {
    phases: ['http_request_firewall_managed', 'http_ratelimit'], // Skip multiple phases
  },
  expression: 'ip.src in {192.0.2.0/24 203.0.113.0/24}',
  enabled: true,
}
```

**Note**: Skip rules in custom phase can skip managed/ratelimit phases, but not vice versa (execution order).
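
The phase order and the actions-by-phase table above can be checked mechanically before a ruleset is pushed. The linter below is an added example, not part of the skill package or the Cloudflare SDK; `lintRule`, `PHASE_ORDER`, `BASE_ACTIONS` and `ALLOWED_ACTIONS` are hypothetical names, and the data it encodes is only what this reference lists.

```typescript
type Phase =
  | 'http_request_firewall_custom'
  | 'http_request_firewall_managed'
  | 'http_ratelimit'
  | 'http_request_sbfm';

// Execution order as listed in "Phases (Execution Order)".
const PHASE_ORDER: Phase[] = [
  'http_request_firewall_custom',
  'http_request_firewall_managed',
  'http_ratelimit',
  'http_request_sbfm',
];

const BASE_ACTIONS = ['block', 'challenge', 'js_challenge', 'managed_challenge', 'log'];
// From "Actions by Phase"; the table has no column for http_request_sbfm, so it is not checked.
const ALLOWED_ACTIONS: Partial<Record<Phase, string[]>> = {
  http_request_firewall_custom: [...BASE_ACTIONS, 'skip'],
  http_request_firewall_managed: ['execute'],
  http_ratelimit: BASE_ACTIONS,
};

interface RuleDef {
  action: string;
  expression: string;
  enabled: boolean;
  action_parameters?: { ruleset?: string; phases?: string[] };
}

// Hypothetical helper: returns the findings for one rule deployed in the given phase.
function lintRule(phase: Phase, rule: RuleDef): string[] {
  const findings: string[] = [];
  const allowed = ALLOWED_ACTIONS[phase];
  if (allowed && allowed.indexOf(rule.action) === -1) {
    findings.push(`action "${rule.action}" is not available in ${phase}`);
  }
  if (rule.action === 'skip') {
    const own = PHASE_ORDER.indexOf(phase);
    for (const target of rule.action_parameters?.phases ?? []) {
      const idx = PHASE_ORDER.indexOf(target as Phase);
      if (idx === -1) findings.push(`unknown phase "${target}"`);
      else if (idx <= own) findings.push(`cannot skip ${target}: it does not run after ${phase}`);
    }
    // A skip whose expression matches every request turns the skipped protection off.
    if (rule.expression.trim() === 'true') findings.push('skip rule matches all requests');
  }
  return findings;
}
```

Run it over every rule in a ruleset before calling `client.rulesets.create` or `client.rulesets.update`, and treat any finding as a failed check.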