I am trying to create/update a Redirect rule - single redirect via API.
curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
"name": "Redirect rules ruleset",
"kind": "zone",
"phase": "http_request_redirect",
"rules": [
{
"expression": "(ip.geoip.country eq \"GB\" or ip.geoip.country eq \"FR\") and http.request.uri.path eq \"/\"",
"description": "Redirect GB and FR users on home page to the localized site.",
"action": "redirect",
"action_parameters": {
"from_value": {
"target_url": {
"expression": "lower(concat(\"https://\", ip.geoip.country, \".example.com\"))"
},
"status_code": 307,
"preserve_query_string": true
}
}
}
]
}'
The error response is:
missing the permissions required to update root rulesets in the http_request_redirect phase at the zone level
This should do it for you:
I have created a token as with permissions as above and still receive the error.
missing the permissions required to create zone rulesets in the http_request_redirect phase at the zone level
That’s weird, because I just created the token and tested it again, and it worked:
This command:
https://developers.cloudflare.com/rules/url-forwarding/single-redirects/create-api/#example-requests
{
"result": {
"id": "fa46bd58c94d4d0cb09c00e953af4c16",
"name": "Redirect rules ruleset",
"description": "",
"kind": "zone",
"version": "1",
"rules": [
{
"id": "c9167a150aa340519c24e0cf17fbc886",
"version": "1",
"action": "redirect",
"expression": "(ip.geoip.country eq \"GB\" or ip.geoip.country eq \"FR\") and http.request.uri.path eq \"/\"",
"description": "Redirect GB and FR users in home page to localized site.",
"last_updated": "2024-03-27T01:23:32.82644Z",
"ref": "c9167a150aa340519c24e0cf17fbc886",
"enabled": true,
"action_parameters": {
"from_value": {
"status_code": 307,
"target_url": {
"expression": "lower(concat(\"https://\", ip.geoip.country, \".example.com\"))"
},
"preserve_query_string": true
}
}
}
],
"last_updated": "2024-03-27T01:23:32.82644Z",
"phase": "http_request_dynamic_redirect"
},
"success": true,
"errors": [],
"messages": []
}
I noticed you’re using http_request_dynamic_redirect while I’m using http_request_redirect. Perhaps http_request_redirect requires different permissions?
Ah, good point. http_request_redirect looks to be Bulk Redirects:
https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/create-api/
Except the rule you are making is a Dynamic redirect, which is the code listed here:
https://developers.cloudflare.com/rules/url-forwarding/single-redirects/terraform-example/
You’ll need to change the phase to http_request_dynamic_redirect to create what you stated:
1 Like
system
March 29, 2024, 2:24am
8
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
