Cloudflare Docs
Waf
Cloudflare Docs
WAF
Search icon (depiction of a magnifying glass)
GitHub icon
Visit WAF on GitHub
Set theme to dark (⇧+D)

Define WAF exceptions via API

To define a WAF exception via API, create a rule with skip action in a phase entry point ruleset of the http_request_firewall_managed phase. You can define WAF exceptions at the account level and at the zone level.

To configure the WAF exception, define the action_parameters object according to the exception type .

Refer to Add rules to phase entry point rulesets for more information on adding rules using the Rulesets API .

Skip all remaining rules

To skip all the remaining rules in the entry point ruleset, create a rule with skip action and include "ruleset": "current" in the action_parameters object.

Example of rule definition:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "ruleset": "current"
  }
}

Skipping all remaining rules only affects the rules in the current context (account or zone). For example, adding a rule with skip action to the account-level phase entry point ruleset has no impact on the rules defined in the zone-level phase entry point ruleset — these zone-level rules will still be evaluated.

Skip one or more WAF Managed Rulesets

To skip one or more WAF Managed Rulesets, create a rule with skip action containing a rulesets field in the action_parameters object. The rulesets field must contain a list of WAF Managed Ruleset IDs you wish to skip.

Example of rule definition:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "rulesets": ["{waf-managed-ruleset-id-1}", "{waf-managed-ruleset-id-2}"]
  }
}

The Managed Rulesets to skip must belong to the http_request_firewall_managed phase.

Skip one or more rules of WAF Managed Rulesets

To skip one or more rules of WAF Managed Rulesets, create a rule with skip action containing a rules object in the action_parameters object. The rules object must contain one or more Managed Ruleset IDs as keys, and a list of rules to skip in those Managed Rulesets as the value of each key.

The following example defines a rule with skip action that will skip rules A and B of WAF Managed Ruleset 1, and rule X of WAF Managed Ruleset 2:

{
  "expression": "<RULE_EXPRESSION>",
  "action": "skip",
  "action_parameters": {
    "rules": {
      "{waf-managed-ruleset-id-1}": ["{rule-id-A}", "{rule-id-B}"],
      "{waf-managed-ruleset-id-2}": ["{rule-id-X}"]
    }
  }
}

The rules in the rules object must belong to the specified WAF Managed Rulesets, otherwise you will get an error.