20132: only ratelimit rules can be placed in the http_ratelimit phase

What is the name of the domain?

tb.tools

What is the error number?

21032

What is the error message?

“message”: “only ratelimit rules can be placed in the http_ratelimit phase”

What is the issue you’re encountering

When attempting to create cloudflare rules via terraform 5.0.0alpha1, using the example from here; Terraform Registry, I get the error in the title.

What steps have you taken to resolve the issue?

I can create the rules using TF 4.45.0, but it comes with other issues. I’ve also demonstrated that I can create the rules in the dashboard.

What are the steps to reproduce the issue?

terraform → apply (passes validation OK)

Here is the Terraform;

resource “cloudflare_ruleset” “waf_rate_limiting_rules” {

zone_id = var.cloudflare_zone_id
name = “${var.tags.env}_waf_rate_limiting_rules”
description = “Rate limiting rules for API endpoints in ${var.tags.env}”
kind = “zone”
phase = “http_ratelimit”

rules = [
{
action = “block”
expression = “(http.request.method == "POST")”
description = “Rate limit excessive POST requests to any API endpoint”
enabled = true

  ratelimit = {
    characteristics     = ["cf.colo.id", "ip.src"]
    requests_per_period = 1000
    period              = 60
    mitigation_timeout  = 600
    mitigation          = "managed_challenge" # Specify the mitigation method
  }
},
{
  action      = "block"
  expression  = "(http.request.method == \"POST\" and http.request.uri.path == \"/api/youtubevideos/UpdateVideoMetadata\")"
  description = "Rate limit Video Metadata endpoint"
  enabled     = true

  ratelimit = {
    characteristics     = ["cf.colo.id", "ip.src"]
    requests_per_period = 1000
    period              = 60
    mitigation_timeout  = 600
    mitigation          = "managed_challenge" # Specify the mitigation method
  }
}

]

}

Looks a valid error. You can try to make the terraform output more verbose and see what the actual API endpoint that your terraform are trying to make when the error hapenning and do a same with curl command.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.