Cloudflare Docs
Ruleset-Engine
Visit Ruleset Engine on GitHub
Set theme to dark (⇧+D)

Actions reference

The action of a rule tells Cloudflare how to handle matches for the rule expression .

Supported actions

The table below lists the actions available in the Rules language.

Some actions, like Block, will stop the evaluation of the remaining rules. The Skip action will skip the evaluation of some rules when there is a match, but the exact behavior will depend on the rule configuration.

The available actions depend on the phase where you are configuring the rule. Refer to each product’s documentation for details on the phase(s) supported by that product.

ActionDescriptionStops rule evaluation?
Legacy CAPTCHA

API value:
challenge

Useful for ensuring that the visitor accessing the site is human, not automated.

The client that made the request must pass a CAPTCHA challenge.

If successful, Cloudflare accepts the matched request; otherwise, it is blocked.

Yes
JS Challenge

API value:
js_challenge

Useful for ensuring that bots and spam cannot access the requested resource; browsers, however, are free to satisfy the challenge automatically.

The client that made the request must pass a Cloudflare JavaScript Challenge before proceeding.

If successful, Cloudflare accepts the matched request; otherwise, it is blocked.

Yes
Managed Challenge (Recommended)

API value:
managed_challenge

Helps reduce the lifetimes of human time spent solving CAPTCHAs across the Internet.

Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from the following actions based on specific criteria:

  • Show a non-interactive challenge page (similar to the current JS Challenge).
  • Present an invisible proof of work challenge to the browser.
  • Show a custom interactive challenge (such as click a button).
  • Show a CAPTCHA challenge.
Yes
Block

API value:
block

Matching requests are denied access to the site.

Yes
Skip

API value:
skip

Allows user to dynamically skip one or more security features or products for a request.

Depending on the rule configuration, matching requests will skip the evaluation of one or more security features or products:

  • Skip all remaining rules in the current ruleset
  • Skip rulesets
  • Skip rules of a ruleset
  • Skip phases
  • Skip specific security products that are not based on the Ruleset Engine

The available skip options depend on the phase where you configure the rule. Refer to each product’s documentation for details.

No
(but some rules may be skipped)
Log

API value:
log

Records matching requests in the Cloudflare Logs.

Only available on Enterprise plans.

Recommended for validating rules before committing to a more severe action.

No
Execute

API value:
execute

Executes the rules in the ruleset specified in the rule configuration. You can specify a Managed Ruleset or a custom ruleset to execute.

In the Cloudflare dashboard, this action is not listed in action selection dropdowns.

No
Rewrite

API value:
rewrite

Adjusts the URI path, query string, and/or HTTP headers of requests and responses, according to the rule configuration.

Only available in:

  • Transform Rules, in phases http_request_transform, http_request_late_transform, and http_response_headers_transform. In the Cloudflare dashboard, this action is not listed in action selection dropdowns. To use this action, create a Transform Rule.
  • WAF custom rules checking for exposed credentials, in the http_request_firewall_custom phase at the account level. In the Cloudflare dashboard, this action is called Exposed-Credential-Check Header.
No
Redirect

API value:
redirect

Navigates the user from a source URL to a target URL, according to the rule configuration, by replying with an HTTP redirect.

Only available for Bulk Redirect Rules, in the http_request_redirect phase.

In the Cloudflare dashboard, this action is not listed in action selection dropdowns. To use this action, create a Bulk Redirect Rule.

Yes