1# Common Patterns
2 
3## Deploy Managed Rulesets
4 
5```typescript
6// Deploy Cloudflare Managed Ruleset (default)
7await client.rulesets.create({
8  zone_id: 'zone_id',
9  kind: 'zone',
10  phase: 'http_request_firewall_managed',
11  name: 'Cloudflare Managed Ruleset',
12  rules: [{
13    action: 'execute',
14    action_parameters: {
15      id: 'efb7b8c949ac4650a09736fc376e9aee', // Cloudflare Managed
16      // Or: '4814384a9e5d4991b9815dcfc25d2f1f' for OWASP CRS
17      // Or: 'c2e184081120413c86c3ab7e14069605' for Exposed Credentials
18    },
19    expression: 'true', // All requests
20    // Or: 'http.request.uri.path starts_with "/api"' for specific paths
21    enabled: true,
22  }],
23});
24```
25 
26## Override Managed Ruleset
27 
28```typescript
29await client.rulesets.create({
30  zone_id: 'zone_id',
31  phase: 'http_request_firewall_managed',
32  rules: [{
33    action: 'execute',
34    action_parameters: {
35      id: 'efb7b8c949ac4650a09736fc376e9aee',
36      overrides: {
37        // Override specific rules
38        rules: [
39          { id: '5de7edfa648c4d6891dc3e7f84534ffa', action: 'log' },
40          { id: '75a0060762034b9dad4e883afc121b4c', enabled: false },
41        ],
42        // Override categories: wordpress, sqli, xss, rce, etc.
43        categories: [
44          { category: 'wordpress', enabled: false },
45          { category: 'sqli', action: 'log' },
46        ],
47      },
48    },
49    expression: 'true',
50  }],
51});
52```
53 
54## Custom Rules
55 
56```typescript
57await client.rulesets.create({
58  zone_id: 'zone_id',
59  kind: 'zone',
60  phase: 'http_request_firewall_custom',
61  name: 'Custom WAF Rules',
62  rules: [
63    // Attack score-based
64    { action: 'block', expression: 'cf.waf.score gt 50', enabled: true },
65    { action: 'challenge', expression: 'cf.waf.score gt 20', enabled: true },
66    
67    // Specific attack types
68    { action: 'block', expression: 'cf.waf.score.sqli gt 30 or cf.waf.score.xss gt 30', enabled: true },
69    
70    // Geographic blocking
71    { action: 'block', expression: 'ip.geoip.country in {"CN" "RU"}', enabled: true },
72  ],
73});
74```
75 
76## Rate Limiting
77 
78```typescript
79await client.rulesets.create({
80  zone_id: 'zone_id',
81  kind: 'zone',
82  phase: 'http_ratelimit',
83  name: 'Rate Limits',
84  rules: [
85    // Per-IP global limit
86    {
87      action: 'block',
88      expression: 'true',
89      action_parameters: {
90        ratelimit: {
91          characteristics: ['cf.colo.id', 'ip.src'],
92          period: 60,
93          requests_per_period: 100,
94          mitigation_timeout: 600,
95        },
96      },
97    },
98    
99    // Login endpoint (stricter)
100    {
101      action: 'block',
102      expression: 'http.request.uri.path eq "/api/login"',
103      action_parameters: {
104        ratelimit: {
105          characteristics: ['ip.src'],
106          period: 60,
107          requests_per_period: 5,
108          mitigation_timeout: 600,
109        },
110      },
111    },
112    
113    // API writes only (using counting_expression)
114    {
115      action: 'block',
116      expression: 'http.request.uri.path starts_with "/api"',
117      action_parameters: {
118        ratelimit: {
119          characteristics: ['cf.colo.id', 'ip.src'],
120          period: 60,
121          requests_per_period: 50,
122          counting_expression: 'http.request.method ne "GET"',
123        },
124      },
125    },
126  ],
127});
128```
129 
130## Skip Rules
131 
132```typescript
133await client.rulesets.create({
134  zone_id: 'zone_id',
135  kind: 'zone',
136  phase: 'http_request_firewall_custom',
137  name: 'Skip Rules',
138  rules: [
139    // Skip static assets (current ruleset only)
140    {
141      action: 'skip',
142      action_parameters: { ruleset: 'current' },
143      expression: 'http.request.uri.path matches "\\.(jpg|css|js|woff2?)$"',
144    },
145    
146    // Skip all WAF phases for trusted IPs
147    {
148      action: 'skip',
149      action_parameters: {
150        phases: ['http_request_firewall_managed', 'http_ratelimit'],
151      },
152      expression: 'ip.src in {192.0.2.0/24}',
153    },
154  ],
155});
156```
157 
158## Complete Setup Example
159 
160Combine all three phases for comprehensive protection:
161 
162```typescript
163const client = new Cloudflare({ apiToken: process.env.CF_API_TOKEN });
164const zoneId = process.env.ZONE_ID;
165 
166// 1. Custom rules (execute first)
167await client.rulesets.create({
168  zone_id: zoneId,
169  phase: 'http_request_firewall_custom',
170  rules: [
171    { action: 'skip', action_parameters: { phases: ['http_request_firewall_managed', 'http_ratelimit'] }, expression: 'ip.src in {192.0.2.0/24}' },
172    { action: 'block', expression: 'cf.waf.score gt 50' },
173    { action: 'managed_challenge', expression: 'cf.waf.score gt 20' },
174  ],
175});
176 
177// 2. Managed ruleset (execute second)
178await client.rulesets.create({
179  zone_id: zoneId,
180  phase: 'http_request_firewall_managed',
181  rules: [{
182    action: 'execute',
183    action_parameters: { id: 'efb7b8c949ac4650a09736fc376e9aee', overrides: { categories: [{ category: 'wordpress', enabled: false }] } },
184    expression: 'true',
185  }],
186});
187 
188// 3. Rate limiting (execute third)
189await client.rulesets.create({
190  zone_id: zoneId,
191  phase: 'http_ratelimit',
192  rules: [
193    { action: 'block', expression: 'true', action_parameters: { ratelimit: { characteristics: ['cf.colo.id', 'ip.src'], period: 60, requests_per_period: 100, mitigation_timeout: 600 } } },
194    { action: 'block', expression: 'http.request.uri.path eq "/api/login"', action_parameters: { ratelimit: { characteristics: ['ip.src'], period: 60, requests_per_period: 5, mitigation_timeout: 600 } } },
195  ],
196});
197```