Get a global WAF rule in a zone context
GET
/api/zones/{zoneId}/security/global-waf-rules/{id}
Read-only view of a single global WAF rule as seen from a zone context, including the zone's effective enabledForZone flag. The rule itself cannot be edited here; only the per-zone on/off toggle (PATCH enabledForZone) is writable.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Parameters
Path Parameters
zoneId*
zone-global-waf-rule identifier
Type
Requiredstring
id*
zone-global-waf-rule identifier
Type
Requiredstring
Responses
zone-global-waf-rule resource
JSON "@context": "string", "@id": "string", "@type": "string", "id": "550e8400-e29b-41d4-a716-446655440000", "description": "Block SQL injection attempts on the login endpoint", "enabled": true, "participationMode": "opt_out", "phase": "request", "order": 10, "match": "all", "conditions": [ ], "expression": "string", "action": "block", "status": 403, "score": 5, "rateBps": 1024, "delayMs": 250, "log": false, "stop": false, "createdAt": "2026-07-01T12:00:00+00:00", "updatedAt": "2026-07-01T12:00:00+00:00", "enabledForZone": true
{
}
