Cloudflare Docs

Cloudflare Docs

Overview
About
Custom rules
Create custom rules in the dashboard
Create custom rules via API
Configure a rule with the Skip action

API examples
Skip options

Manage custom rules in the dashboard
Rate limiting rules
Determining the request rate
Create rate limiting rules in the dashboard
Create rate limiting rules via API
Rate limiting parameters
Common use cases
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions

Define WAF exceptions in the dashboard
Define WAF exceptions via API

Log the payload of matched rules

Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations

Generate a key pair
Decrypt the payload content
Firewall rules
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Change log
Scheduled changes
2022-03-14
2022-03-07
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Change log for Managed Rulesets

Cloudflare has a very regular cadence of releasing updates and new rules to the WAF Managed Rulesets. The updates either improve a rule’s accuracy, lower false positives rates or increase the protection due to a change in the threat landscape.

The release cycle for new rules happens on a 7-day cycle, typically every Monday or Tuesday depending on public holidays. For rule updates, Cloudflare will initially deploy the updated rule as a BETA rule (denoted in rule description), before updating the original rule on the next release cycle. Cloudflare will deploy the updated or new rules into logging only (“Log”) mode. Logging only mode allows you to identify any increases in firewall event volumes which look like potential false positives. On the following Monday (or Tuesday) the rules will change from logging only mode to the intended default action (“New Action”).

Cloudflare is very proactive in responding to new vulnerabilities, which may need to be released outside of the 7-day cycle, defined as an Emergency Release.

If you do notice a new or updated rule generating an increased volume of firewall events, you can disable or change the rule from its “Default” action. Once a rule is changed from a “Default” state, Cloudflare is not able to override this.

View scheduled changes