Exceeded maximum number of zone rulesets for phase

Hello everyone,

So, I was able to create once a custom rule on WAF through my script but after deleting the custom rule on GUI, tried again and I am no longer able to recreate, every time I try it, I got this:

Status code: 400
{
“result”: null,
“success”: false,
“errors”: [
{
“message”: “exceeded maximum number of zone rulesets for phase ‘http_request_firewall_custom’”,
“source”: {
“pointer”: “”
}
}
],
“messages”: null
}

My script pay load (IPs changed with x):

rule_payload = {
“description”: “Tenable allowlist”,
“Kind”: “zone”,
“name”: “Tenable allowlist”,
“phase”: “http_request_firewall_custom”,
“rules”: [
{
“action”: “skip”,
“action_parameters”: {
“products”: [“waf”]
},
“enabled”: True,
“expression”: “(ip.src in {x/26}) or (ip.src in {x/25}) or (ip.src in {x/25}) or (ip.src in {x/26})”,
“logging”: {
“enabled”: True
}
}
],
}

From GUI:

So far what I have tried without success:

  • Change the “name” parameter to something else
  • Wait 24 hours since it was deleted
  • Have check all features with rules to see if there was some rule somewhere
  • Tried to set “kind” with custom, but unable to use “http_request_firewall_custom” with it:

“message”: “‘custom’ is not a valid value for kind because kind "custom" cannot be used for phase "http_request_firewall_custom"”,

Any thoughts?

Thank you!

Like that I’ve been following:
[Cloudflare API Documentation]
[Preformatted text](https://developers.cloudflare.com/api/operations/createZoneRuleset)

It’s likely the old ruleset still exists, though empty since you deleted the rule.

Try listing your rulesets to get its ID. Then either delete that empty ruleset, or use its ID when you create the new rule.

https://developers.cloudflare.com/api/operations/listZoneRulesets

Thank you, found it!

image

But was not supposed to have this rule on both sides (API side and WebGUI side)? mostly when it’s deleted on Webgui?

Think that maybe missing here something.

After checking API zones rules (created manually before on other zones through webgui), can see that what I’ve on WAF, don’t match with what I get with API, do you know how can I get and write through API here?

Because, at least with http_request_firewall_custom phase, can only add one, and if I delete after the rule on webgui, it persists hidden, and can only be listed through API:

developers.cloudflare.com/api/operations/createZoneRuleset

So have found that “ruleset” is not the same as “rule” as I was thinking, after several tests, noticed that each ruleset is related with a type of rule, and can only have one type per zone (at regarding this phase that I am using, have not tested with others), and within this “ruleset”, I should create the rules.

Thank you for the help!

https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules

[Add rules to a custom ruleset · Cloudflare Ruleset Engine docs](https://developers.cloudflare.com/ruleset-engine/custom-rulesets/add-rules-ruleset/)

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.