Deploy Cloudflare WAF managed rulesets and configure exceptions via API

Verified steps

1. List available managed rulesets for your account by calling GET /accounts/{account_id}/rulesets and filtering for phase http_request_firewall_managed; note the ruleset IDs for the Cloudflare Managed Ruleset and the Cloudflare OWASP Core Ruleset.
2. Deploy a managed ruleset to a zone by creating an execute rule in the zone's http_request_firewall_managed phase entry-point ruleset: POST to /zones/{zone_id}/rulesets/{entrypoint_ruleset_id}/rules with action=execute and the managed ruleset ID in action_parameters.id.
3. Set overrides in the action_parameters.overrides object to change individual rule actions or sensitivity: specify rules by ID with a list in rules[], setting each rule's action or enabled field; use categories[] to override entire rule categories.
4. Create an exception (skip rule) by adding a rule with action=skip before the execute rule; in the action_parameters.ruleset field set the value to current, or target specific rulesets in action_parameters.rulesets[]; the position object (before: EXECUTE_RULE_ID) ensures the skip evaluates first.
5. Add a filter expression to the skip rule so it only exempts specific traffic (for example a known-good IP range or a specific URL path used by an internal tool) rather than disabling protection broadly.
6. Retrieve the phase entry-point ruleset ID for a zone with GET /zones/{zone_id}/rulesets/phases/http_request_firewall_managed/entrypoint if you do not already have it.