CD
Cloudflare Developers11mo ago
Erisa

The documentation I linked contains

The documentation I linked contains links to the relevant API endpoint documentations
5 Replies
lokiwind
lokiwind11mo ago
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules Erisa I think I need to have rulesets id to create a rate limit rule, right?
Erisa
Erisa11mo ago
Yes, this is covered on https://developers.cloudflare.com/waf/rate-limiting-rules/create-api/ Point 1
Invoke the List zone rulesets method to obtain the list of rulesets in your zone. You will need the zone ID for this operation.
It then covers in points 2 and 3 what to do if there is a ruleset and if there is not
lokiwind
lokiwind11mo ago
Yes there are ruleset ids created by cloudflare Can I create a rate limit rule using the id information of any of these listed rule sets I sent you?
Erisa
Erisa11mo ago
No, please follow point 2 on https://developers.cloudflare.com/waf/rate-limiting-rules/create-api/
Search for an entry point ruleset for the http_ratelimit phase in the response. Such a ruleset would have the following properties: "kind": "zone" and "phase": "http_ratelimit".
lokiwind
lokiwind11mo ago
AH okey CURLOPT_POSTFIELDS => "{\n \"description\": \"My ruleset to execute managed rulesets\",\n \"kind\": \"zone\",\n \"name\": \"My ruleset\",\n \"phase\": \"http_ratelimit\"},\n }\n ]\n}", Is it enough to create a rulesets like this NotLikeThis
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.cloudflare.com/client/v4/zones/********************df2c7c9f4ff6/rulesets",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => json_encode([
    "description" => "My ruleset to execute managed rulesets",
    "kind" => "zone",
    "name" => "My ruleset",
    "phase" => "http_ratelimit",
    "rules" => [
      [
        "action" => "block",
        "action_parameters" => [
          "response" => [
            "content" => "{\n  \"success\": false,\n  \"error\": \"you have been blocked\"\n}",
            "content_type" => "application/json",
            "status_code" => 400
          ]
        ],
        "description" => "Block when the IP address is not 1.1.1.1",
        "enabled" => true,
        "expression" => "ip.src ne 1.1.1.1",
        "ref" => "my_ref"
      ]
    ]
  ]),
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "X-Auth-Email: ***********@gmail.com",
    "X-Auth-Key: ****************"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.cloudflare.com/client/v4/zones/********************df2c7c9f4ff6/rulesets",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => json_encode([
    "description" => "My ruleset to execute managed rulesets",
    "kind" => "zone",
    "name" => "My ruleset",
    "phase" => "http_ratelimit",
    "rules" => [
      [
        "action" => "block",
        "action_parameters" => [
          "response" => [
            "content" => "{\n  \"success\": false,\n  \"error\": \"you have been blocked\"\n}",
            "content_type" => "application/json",
            "status_code" => 400
          ]
        ],
        "description" => "Block when the IP address is not 1.1.1.1",
        "enabled" => true,
        "expression" => "ip.src ne 1.1.1.1",
        "ref" => "my_ref"
      ]
    ]
  ]),
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "X-Auth-Email: ***********@gmail.com",
    "X-Auth-Key: ****************"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
Response: { "result": null, "success": false, "errors": [ { "code": 20018, "message": "logging options only allowed in the skip action", "source": { "pointer": "/rules/0/logging" } }, { "code": 20132, "message": "only ratelimit rules can be placed in the http_ratelimit phase", "source": { "pointer": "/rules/0" } } ], "messages": null } what am I doing NotLikeThis
Want results from more Discord servers?
Add your server
More Posts
Allow example.com/x/* but block everything else.I wanted to know if it was possible for me to use access to allow example.com/share/* but block examHow to deploy to previewThis is how I tried to deploy but it still gets deployed to prod: `wrangler pages deploy --env previInvalid URL when initiating AssemblyScript generated WASMI'm writing code in AssemblyScript and compiling it to WASM. AssemblyScript also generates JS bindinWARP to WARPBy enabling WARP to WARP in Zero Trust settings, is one enrolled device able to "find" other enrolleDownload Images from URLI'm trying to setup a button where I am able to just click a button and download a image from my bucHow does worker max time work precisely?What (I think) I understand: - When using paid plan, you can make use of either Bundled or Unbound Link domain start with www.i had been linked my website with domain "skyrise.site" first and when i try to link another link toZero Trust - NetworkHey all, quick question. I'm setting up portainer and trying the zero trust docker container versiosocket with one instance durable objectPlease help me You are using a worker socket and one durable object instance. When 100 people connecDoes cloudflare only manages HTTP and HTTPS portsI have a VPS configured with Cloudflare using Nginx. This same VPS hosts a Postgres database on port