Cloudflare API firewall rules not updating on PUT request

I am trying to add a firewall rule and then update it via the API. I am following the official API docs and tried both the individual and the normal rule update requests. With the PUT request in the format {zoneid}/firewall/rules and the body

    {
        "id": "{firewall_rule_id}",
        "filter": {
            "id": "{firewall_filter_id}",
            "expression": "(ip.src ne and http.request.full_uri contains \"\")",
            "description": "Restrict access from",
            "ref": "whitelist"
        },
        "action": "block"
    }

I get a result that indicates a success on the first look but the expression which needed to be updated is still the same as before. I tried deleting it and creating a new rule with the same ref and it seems it just recreates the old rule. When I add another value for ref though, it creates a new one.

With the PUT call to {zoneid}/firewall/rules/{rule_id} and the same body I get a code 10014 and firewallrules.api.malformed_request_body error.

Am I missing something here?


So creating works, updating does not?

Yes, that is correct. Updating the same rule with the dashboard works though.

Your filter object does not seem to have a paused field. From the description it is not clear whether it is required or not, but try adding it.

Seems that there is no difference with adding paused. I forgot to mention that updating the action field with the same requests works flawlessly (so action is updating but expression is not).

It would seem the filter is not updating then. That is handled as a separate object IIRC. Are you sure the filter ID is correct?

You seem to be using Cloudflare API v4 Documentation

Better try Cloudflare API v4 Documentation


I use the ids that I get from the GET request which lists all rules. Also when testing with another ID the response says it fails to find the ID, so I think that I am using the right ones.

I tried using the individual update but it gives me a 10014: firewallrules.api.malformed_request_body (using the same JSON body as before). Also the JSON validator says it has the correct format.


Probably best to open a support ticket at this point.


Okay, thanks for your help anyways.

@sandro I am having the exact same issue today.
Did Cloudflare indeed create a support ticket?
And any update on it?


Because “expression” is part of “filter”, I believe you have to use the Filters API to be able to update it.

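An added example, not part of the thread and not Cloudflare's own code, of the split the last reply describes: filter fields such as `expression` are sent to the Filters API and rule fields such as `action` to the Firewall Rules API, and the stored expression is compared afterwards because a success response alone did not prove the rule changed. It assumes the v4 endpoints `zones/{zone_id}/filters/{filter_id}` and `zones/{zone_id}/firewall/rules/{rule_id}` with bearer-token auth; the IDs, IP address and hostname are constructed placeholders, and `plan_update`, `send` and `expression_applied` are hypothetical helper names.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"
FILTER_KEYS = ("expression", "description", "paused", "ref")  # stored on the filter
RULE_KEYS = ("action", "description", "paused")               # stored on the rule

def plan_update(zone_id, current, desired):
    """Return the (method, url, body) calls that turn `current` into `desired`.
    Both are rule objects shaped like the ones the list-rules GET returns."""
    calls = []
    cur_f, new_f = current["filter"], desired["filter"]
    if any(cur_f.get(k) != new_f.get(k) for k in FILTER_KEYS):
        # The expression belongs to the filter object: update it via the Filters API.
        body = {"id": cur_f["id"], **{k: new_f[k] for k in FILTER_KEYS if k in new_f}}
        calls.append(("PUT", f"{API}/zones/{zone_id}/filters/{cur_f['id']}", body))
    if any(current.get(k) != desired.get(k) for k in RULE_KEYS):
        # The rule update only references the filter by id.
        body = {"id": current["id"], "filter": {"id": cur_f["id"]},
                **{k: desired[k] for k in RULE_KEYS if k in desired}}
        calls.append(("PUT", f"{API}/zones/{zone_id}/firewall/rules/{current['id']}", body))
    return calls

def send(call, token):
    """Execute one planned call (needs network access and an API token)."""
    method, url, body = call
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def expression_applied(filter_obj, wanted):
    """Compare the expression the API returns with the one that was intended."""
    return filter_obj.get("expression") == wanted

# Constructed sample data: placeholder IDs, documentation IP range and hostname.
CURRENT = {"id": "RULE_ID_PLACEHOLDER", "action": "block",
           "filter": {"id": "FILTER_ID_PLACEHOLDER", "ref": "whitelist",
                      "expression": '(ip.src ne 203.0.113.10 and '
                                    'http.request.full_uri contains "example.com")'}}
DESIRED = {"id": "RULE_ID_PLACEHOLDER", "action": "block",
           "filter": {"id": "FILTER_ID_PLACEHOLDER", "ref": "whitelist",
                      "expression": '(ip.src ne 203.0.113.20 and '
                                    'http.request.full_uri contains "example.com")'}}

if __name__ == "__main__":
    for method, url, body in plan_update("ZONE_ID_PLACEHOLDER", CURRENT, DESIRED):
        print(method, url, json.dumps(body))
```

After sending the filter call, fetch the filter again and pass it to `expression_applied` with the intended expression before treating the block rule as updated.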