APIを介して作成する

Rulesets APIを使用して、APIを介してレート制限ルールを作成します。

レート制限ルールは、Ruleset Engineによって処理される通常のルールに似ていますが、レート制限の設定を含む追加のratelimitオブジェクトがあります。このフィールドとそのパラメータに関する詳細は、レート制限パラメータを参照してください。

レート制限ルールは、http_ratelimit フェーズエントリーポイントルールセットにデプロイする必要があります。

レート制限ルールは、ルールリストの最後に表示する必要があります。

レート制限ルールを作成する

To create a レート制限ルール for a zone, add a rule `ratelimit`オブジェクトを持つ to the http_ratelimit phase entry point ruleset.

Invoke the List zone rulesets method to obtain the list of rulesets in your zone. You will need the zone ID for this operation.
Search for an entry point ruleset for the http_ratelimit phase in the response. Such a ruleset would have the following properties: "kind": "zone" and “phase”: "http_ratelimit". If you find the ruleset, take note of its ID for the next step.
If the entry point ruleset already exists, invoke the Create a zone ruleset rule operation to add a レート制限ルール to the existing ruleset. By default, the rule will be added at the end of the list of rules already in the ruleset. Refer to the examples below for details.

If the entry point ruleset does not exist, invoke the Create a zone ruleset operation to create the entry point ruleset with the new レート制限ルール. Refer to Create ruleset for an example.

例 A - リクエストプロパティに基づくレート制限

この例では、IDが{zone_id}のゾーンのhttp_ratelimitフェーズエントリーポイントルールセットにレート制限ルールを追加します。フェーズエントリーポイントルールセットはすでに存在し、IDは{ruleset_id}です。

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
  "description": "私のレート制限ルール",
  "expression": "(http.request.uri.path matches \"^/api/\")",
  "action": "block",
  "ratelimit": {
    "characteristics": [
      "cf.colo.id",
      "ip.src",
      "http.request.headers[\"x-api-key\"]"
    ],
    "period": 60,
    "requests_per_period": 100,
    "mitigation_timeout": 600
  }
}'

To define a specific position for the new rule, include a position object in the request body according to the guidelines in Change the order of a rule in a ruleset.

For instructions on creating an entry point ruleset and defining its rules using a single API call, refer to Add rules to phase entry point rulesets.

例 B - カスタムレスポンスを持つレート制限

新しいルールは、レート制限によりブロックされたリクエストに対するカスタムレスポンスを定義します。

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
  "description": "私のレート制限ルール",
  "expression": "(http.request.uri.path matches \"^/api/\")",
  "action": "block",
  "action_parameters": {
    "response": {
      "status_code": 403,
      "content": "レート制限が適用されました。",
      "content_type": "text/plain"
    }
  },
  "ratelimit": {
    "characteristics": [
      "cf.colo.id",
      "ip.src",
      "http.request.headers[\"x-api-key\"]"
    ],
    "period": 60,
    "requests_per_period": 100,
    "mitigation_timeout": 600
  }
}'

To define a specific position for the new rule, include a position object in the request body according to the guidelines in Change the order of a rule in a ruleset.

For instructions on creating an entry point ruleset and defining its rules using a single API call, refer to Add rules to phase entry point rulesets.

例 C - キャッシュされたアセットを無視するレート制限

新しいルールは、レートを計算する際にキャッシュされたアセットのリクエストを考慮しません。

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
  "description": "私のレート制限ルール",
  "expression": "(http.request.uri.path matches \"^/api/\")",
  "action": "block",
  "ratelimit": {
    "characteristics": [
      "cf.colo.id",
      "ip.src",
      "http.request.headers[\"x-api-key\"]"
    ],
    "period": 60,
    "requests_per_period": 100,
    "mitigation_timeout": 600,
    "requests_to_origin": true
  }
}'

To define a specific position for the new rule, include a position object in the request body according to the guidelines in Change the order of a rule in a ruleset.

For instructions on creating an entry point ruleset and defining its rules using a single API call, refer to Add rules to phase entry point rulesets.

例 D - 複雑さに基づくレート制限ルール

新しいルールは、クライアントの総複雑さスコアを計算するためにmy-scoreHTTPレスポンスヘッダーを考慮する複雑さに基づくレート制限ルールです。レート制限ルールのカウント式（この場合、ルール式と同じ）に一致するたびに、総スコアを持つカウンターが更新されます。この総スコアが60秒間に400を超えると、その後のクライアントリクエストは600秒（10分）間ブロックされます。

curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{
  "description": "私の複雑さに基づくレート制限ルール",
  "expression": "http.request.uri.path matches \"^/graphql/\"",
  "action": "block",
  "ratelimit": {
    "characteristics": [
      "cf.colo.id",
      "http.request.headers[\"x-api-key\"]"
    ],
    "period": 60,
    "score_per_period": 400,
    "score_response_header_name": "my-score",
    "mitigation_timeout": 600,
    "counting_expression": ""
  }
}'

To define a specific position for the new rule, include a position object in the request body according to the guidelines in Change the order of a rule in a ruleset.

For instructions on creating an entry point ruleset and defining its rules using a single API call, refer to Add rules to phase entry point rulesets.

次のステップ

Rulesets APIのさまざまな操作を使用して、作成したルールを操作します。以下の表には、ゾーンレベルでのレート制限ルールに関する一般的なタスクのリストがあります。

Task Procedure

List all rules in ruleset

Task	Procedure
List all rules in ruleset	Use the Get a zone entry point ruleset operation with the `http_ratelimit` phase name to obtain the list of configured レート制限ルール and their IDs. For more information, refer to View a specific ruleset.
Update a rule	Use the Update a zone ruleset rule operation. You will need to provide the ruleset ID and the rule ID. To obtain these IDs, you can use the Get a zone entry point ruleset operation with the `http_ratelimit` phase name. For more information, refer to Update a rule in a ruleset.
Delete a rule	Use the Delete a zone ruleset rule operation. You will need to provide the ruleset ID and the rule ID. To obtain these IDs, you can use the Get a zone entry point ruleset operation with the `http_ratelimit` phase name. For more information, refer to Delete a rule in a ruleset.

Use the Get a zone entry point ruleset operation with the http_ratelimit phase name to obtain the list of configured レート制限ルール and their IDs.

For more information, refer to View a specific ruleset.

Update a rule

Use the Update a zone ruleset rule operation.

You will need to provide the ruleset ID and the rule ID. To obtain these IDs, you can use the Get a zone entry point ruleset operation with the http_ratelimit phase name.

For more information, refer to Update a rule in a ruleset.

Delete a rule

Use the Delete a zone ruleset rule operation.

You will need to provide the ruleset ID and the rule ID. To obtain these IDs, you can use the Get a zone entry point ruleset operation with the http_ratelimit phase name.

For more information, refer to Delete a rule in a ruleset.

These operations are covered in the Ruleset Engine documentation. The Ruleset Engine powers different Cloudflare products, including レート制限ルール.

Cloudflare Dashboard Discord Community Learning Center Support Portal

Cookie Settings