Can we use API to create WAF custom rule in free version?

shyam.baseapp · December 19, 2024, 7:32pm

What is the name of the domain?

devscript.cloud

What is the issue you’re encountering

I want to create a WordPress plugin to manage WAF custom rules for a specific zone ID. Can we use the Cloudflare API endpoint https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets to create custom rules in the free version of Cloudflare?

cloonan · December 20, 2024, 12:21am

I’ve not tried it via the API, but I don’t see any mention of plan restrictions in the docs, Create a custom rule via API · Cloudflare Web Application Firewall (WAF) docs

shyam.baseapp · December 20, 2024, 5:02am

In the free version, we cannot create custom rulesets. How can we create a custom WAF rule using the ruleset ID for the zone ID?

shyam.baseapp · December 20, 2024, 5:17am

For Workers & Pages, what is the name of the domain?

devscript.cloud

What is the issue or error you’re encountering

I want to create a WordPress plugin to manage WAF custom rules for a specific zone ID. Can we use the Cloudflare API endpoint https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets to create custom rules in the free version of Cloudflare? In the free version, we cannot create custom rulesets. How can we create a custom WAF rule for the zone ID?

Screenshot of the error

DarkDeviL · December 20, 2024, 5:35am

Account-level WAF requires Enterprise.

The Custom Rulesets (e.g. collections of rules) requires Enterprise.

You can create “Custom rules” on each individual zone, which CAN be done with the Free plan.

If you’re having a rule, such as e.g. blocking all traffic that appears to originate from outside the European continent, then you will have to apply that rule individually, - once for “example.com”, and once for “example.eu”, if you want the rule to apply to both domains.

The confusion above seems to caused by mixing together individual “Custom rules” (Free) and account-level “Custom rulesets” (Enterprise).

shyam.baseapp · December 20, 2024, 6:10am

Can we create “ Custom rules ” (Free) using the new API instead of the deprecated one?

shyam.baseapp · December 20, 2024, 12:51pm

When you list all the rulesets using API, you will get one with a ruleset ID for WAF custom rules. You can create up to 5 custom rules for a zone ID in Cloudflare’s free version using this ruleset ID. For example:

{
“description”: “”,
“id”: “fff7f8f0d9f8s0dfgsdf808fsd09”,
“kind”: “zone”,
“last_updated”: “2024-12-20T07:57:21.388532Z”,
“name”: “default”,
“phase”: “http_request_firewall_custom”,
“source”: “firewall_custom”,
“version”: “20”
}
Create a custom rule:
https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \

system · December 22, 2024, 12:51pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can API create WAF custom rules for free plan? API	1	21	December 10, 2024
How to write a waf rule on cloudflare General	4	4244	December 24, 2021
Creating a WAF rule, where do I find {ruleset_id}? API	6	1995	November 27, 2023
Http_request_firewall_custom not coming on get rulesets API call API	2	28	January 27, 2025
Migrate from Zone-level Web Application Firewall (WAF) to "Ruleset API"? Security	1	1342	May 5, 2023