CustomRuleset

Source: src/Cloudflare/Ruleset/CustomRuleset.ts

A standalone account-level Cloudflare ruleset (kind: "custom").

Custom rulesets are the Enterprise WAF deployment workflow: define a reusable ruleset once at the account level, then deploy it across zones with an execute rule in a phase entrypoint (see Cloudflare.RulesetAccountEntrypoint). Account-level WAF phases require an Enterprise plan — on lower plans, creation fails with the typed PhaseNotEntitled error.

For zone-level rules, use Cloudflare.Ruleset (the zone phase entrypoint) instead.

Custom Rulesets

Define an account custom WAF ruleset

const ruleset = yield* Cloudflare.CustomRuleset("SharedWafRules", {
  phase: "http_request_firewall_custom",
  description: "Org-wide exploit probes",
  rules: [
    {
      description: "Block .env probes",
      expression: `lower(http.request.uri.path) contains "/.env"`,
      action: "block",
    },
  ],
});

Deploy the custom ruleset via the account entrypoint

yield* Cloudflare.RulesetAccountEntrypoint("WafDeployment", {
  phase: "http_request_firewall_custom",
  rules: [
    {
      description: "Deploy shared WAF rules everywhere",
      expression: "true",
      action: "execute",
      actionParameters: { id: ruleset.rulesetId },
    },
  ],
});