Cloudflare Docs

Cloudflare Docs

Overview
About Logpush
Get started
Permissions
Enable destinations

Enable Amazon S3
Enable S3-compatible endpoints
Enable Datadog
Enable Google Cloud Storage
Enable BigQuery
Enable Microsoft Azure
Enable New Relic
Enable Splunk
Enable other providers
Enable Sumo Logic
Tutorials
Parse Cloudflare Logs JSON data
Reference
Logpush API configuration

Logpush examples

Manage Logpush with cURL
Manage Logpush with Python

Log fields

Zone-scoped datasets

DNS logs
Firewall events
HTTP requests
NEL reports
Spectrum events

Account-scoped datasets

Audit logs
Gateway DNS
Gateway HTTP
Gateway Network

Glossary
Pathing status
Firewall fields
WAF fields
Instant Logs
Logpull
Understanding the basics
Enabling log retention
Requesting logs
Additional details
FAQ

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAF Action

Value	Action	Description
`0`	Unknown	Take no other action.
`1`	Allow	Bypass all subsequent WAF rules.
`2`	Block	Block with an HTTP 403 response.
`3`	Challenge Allow	Issue a Managed Challenge.
`4`	Challenge Drop	Unused.
`5`	Log	Take no action other than logging the event.

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

WAFFlags
WAFMatchedVar