Rulesets
Ingests rulesets from Cloudflare, including account-level and zone-level rule configurations. This input collects information about all rule types such as WAF rules, rate limiting rules, DDoS protection, firewall rules, and transformation rules across your Cloudflare account or specific zones.
Sync Type: Full Synchronisation
Requirements
- A Cloudflare account with API access
- An API Token with
Account Rulesets:ReadorZone Rulesets:Readpermission - Your Cloudflare Account ID (for account-level rulesets) or Zone IDs (for zone-level rulesets)
- If neither Account ID nor Zone IDs are provided, the input will fetch rulesets from all zones in your account
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to My Profile > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Rulesets")
- Permissions: Add
Account>Rulesets>Read(for account-level rulesets) orZone>Rulesets>Read(for zone-level rulesets) - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID and Zone IDs
Account ID:
- Log in to your Cloudflare dashboard
- Select the account you want to monitor
- The Account ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the URL:
https://dash.cloudflare.com/{account_id}/...
Zone IDs:
- Log in to your Cloudflare dashboard
- Click on the domain (zone) you want
- The Zone ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the API call responses
Details
- State Management: Uses deduping cron-based state management to fetch the complete inventory of rulesets on each run. Monad tracks which rulesets have been seen to avoid duplicate processing.
- Scope Options:
- Account-level rulesets: Retrieved from
/accounts/{account_id}/rulesets - Zone-level rulesets: Retrieved from
/zones/{zone_id}/rulesets - All zone rulesets: When no Account ID or Zone IDs are specified, fetches from all zones
- Account-level rulesets: Retrieved from
- Pagination: Cursor-based pagination with up to 50 records per page
- Rule Phases: Retrieves rulesets across all phases including ddos_l4, ddos_l7, http_config_settings, http_request_firewall_custom, http_request_firewall_managed, http_request_transform, http_response_headers_transform, and others
- Rate Limits: Standard Cloudflare API rate limits apply (see Rate Limits section below)
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | No | Cloudflare Account ID for account-level rulesets. |
zone_ids | array | No | List of specific Zone IDs for zone-level rulesets. If empty and Account ID is not specified, fetches from all zones. |
cron | string | Yes | Cron expression for sync schedule (e.g., 0 0 * * * for daily) |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Account Rulesets:Read or Zone Rulesets:Read permission |
Rate Limits
| Scope | Limit | Window | Notes |
|---|---|---|---|
| API Requests | 1,200 | per 5 minutes | Standard rate limit across Cloudflare API |
| Rulesets Endpoint | 4 | requests per second | Rate limit specific to rulesets API endpoints |
Headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
Source: Cloudflare API Rate Limits
Troubleshooting
Common Issues
Issue: API returned success=false with authentication error
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has Account Rulesets:Read or Zone Rulesets:Read permissions. Create a new token with the proper permissions if needed.
Issue: No rulesets found error
Cause: The specified Account ID or Zone IDs don't exist, or there are no rulesets configured.
Solution: Verify your Account ID and Zone IDs are correct in the Cloudflare dashboard. Ensure rulesets exist in the zones you're querying.
Issue: Rate limit exceeded (429 error) Cause: Too many requests to the rulesets API endpoint within the rate limit window. Solution: Increase the cron schedule interval to reduce the frequency of syncs. The input respects the 4 RPS limit on the rulesets endpoint.
Issue: API access not available
Cause: Your API token lacks the required rulesets permissions.
Solution: Create a new token with Rulesets:Read permissions for either accounts or zones depending on your needs.
Related Articles
- Cloudflare Rulesets API Documentation
- Cloudflare Rulesets Guide
- Cloudflare API Tokens
- Cloudflare API Rate Limits
Sample Record
{
"description": "Custom WAF rules for example.com",
"id": "e8c75c80-41d4-4f5f-8e3f-9d8c5f4e3b1a",
"kind": "custom",
"last_updated": "2024-01-15T10:30:00Z",
"name": "WAF Custom Rules",
"phase": "http_request_firewall_custom",
"source": "firewall_custom",
"version": 42
}