Terraform configuration examples
The following Terraform configuration examples address common scenarios for managing, configuring, and using WAF content scanning.
For more information, refer to the Terraform Cloudflare provider documentation ↗.
If you are using the Cloudflare API, refer to Common API calls.
Use the cloudflare_content_scanning resource to enable content scanning for a zone. For example:
resource "cloudflare_content_scanning" "zone_content_scanning_example" { zone_id = "<ZONE_ID>" enabled = true}Use the cloudflare_content_scanning_expression resource to add a custom scan expression. For example:
resource "cloudflare_content_scanning_expression" "my_custom_scan_expression" { zone_id = <ZONE_ID> payload = "lookup_json_string(http.request.body.raw, \"file\")"}For more information, refer to Custom scan expressions.
This example adds a custom rule that blocks requests with one or more content objects considered malicious by using one of the content scanning fields in the rule expression.
To use the cf.waf.content_scan.has_malicious_obj field you must enable content scanning.
resource "cloudflare_ruleset" "zone_custom_firewall_malicious_uploads" { zone_id = "<ZONE_ID>" name = "Phase entry point ruleset for custom rules in my zone" description = "" kind = "zone" phase = "http_request_firewall_custom"
rules { ref = "block_malicious_uploads" description = "Block requests uploading malicious content objects" expression = "(cf.waf.content_scan.has_malicious_obj and http.request.uri.path eq \"/upload.php\")" action = "block" }}For additional Terraform configuration examples, refer to WAF custom rules configuration using Terraform.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark