Cloudflare Docs

Cloudflare Docs

Overview
About
Custom rules
Create custom rules in the dashboard
Create custom rules via API
Configure a rule with the Skip action

API examples
Skip options

Manage custom rules in the dashboard
Rate limiting rules
Determining the request rate
Create rate limiting rules in the dashboard
Create rate limiting rules via API
Rate limiting parameters
Common use cases
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions

Define WAF exceptions in the dashboard
Define WAF exceptions via API

Log the payload of matched rules

Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations

Generate a key pair
Decrypt the payload content
Firewall rules
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Change log
Scheduled changes
2022-03-14
2022-03-07
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Cloudflare Web Application Firewall

The Cloudflare Web Application Firewall (WAF) provides both automatic protection from vulnerabilities and the flexibility to create custom rules.

Learn more WAF Managed Rulesets Managed Rulesets change log

Main features

Custom rules: Create your own custom rules to protect your website and your APIs from malicious incoming traffic.
Rate limiting rules: Define rate limits for incoming requests matching an expression, and the action to take when those rate limits are reached.
WAF Managed Rulesets: Enable the pre-configured Managed Rulesets to get immediate protection. These rulesets are regularly updated, offering advanced zero-day vulnerability protections. Adjust the behavior of managed rules, choosing from several possible actions.
Exposed Credential Checks: Monitor and block use of stolen/exposed credentials for account takeover.
Firewall Analytics: Identify and investigate security threats using an intuitive interface. Tailor your security configurations based on the activity log.

Availability

The new Cloudflare WAF announced in March 2021 is available for select customers on paid plans. The exact features and limits depend on your current plan. Rate limiting is a paid add-on on all plans.

For more information on the previous WAF implementation, also known as WAF managed rules, refer to Understanding WAF managed rules in the Support KB.

For more information on firewall rules, refer to Cloudflare Firewall Rules .