Enable or disable a global WAF rule for a zone
PATCH
/api/zones/{zoneId}/security/global-waf-rules/{id}
Turns a global WAF rule on or off for this zone by recording the zone's explicit preference; the global rule itself is never modified. Send enabledForZone (global rules are on by default, so false opts the zone out). An opted-out rule is not enforced for the zone but still contributes to the shadow anomaly score.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Parameters
Path Parameters
zoneId*
zone-global-waf-rule identifier
Type
Requiredstring
id*
zone-global-waf-rule identifier
Type
Requiredstring
Request Body
application/merge-patch+json
JSON "enabledForZone": true
{
}
Responses
zone-global-waf-rule resource updated
JSON "@context": "string", "@id": "string", "@type": "string", "id": "550e8400-e29b-41d4-a716-446655440000", "description": "Block SQL injection attempts on the login endpoint", "enabled": true, "participationMode": "opt_out", "phase": "request", "order": 10, "match": "all", "conditions": [ ], "expression": "string", "action": "block", "status": 403, "score": 5, "rateBps": 1024, "delayMs": 250, "log": false, "stop": false, "createdAt": "2026-07-01T12:00:00+00:00", "updatedAt": "2026-07-01T12:00:00+00:00", "enabledForZone": true
{
}
