Managed Rulesets per Custom Hostname
If you are interested in WAF for SaaS but unsure of where to start, Cloudflare recommends using WAF Managed Rules. The Cloudflare security team creates and manages a variety of rules designed to detect common attack vectors and protect applications from vulnerabilities. These rules are offered in managed rulesets, like Cloudflare Managed and OWASP, which can be deployed with different settings and sensitivity levels.
WAF for SaaS is available for customers on an Enterprise plan.
If you would like to deploy a managed ruleset at the account level, refer to the Ruleset Engine documentation.
Ensure you have reviewed Get Started with Cloudflare for SaaS and familiarize yourself with WAF for SaaS.
Customers can automate the custom metadata tagging by adding it to the custom hostnames at creation. For more information on tagging a custom hostname with custom metadata, refer to the API documentation.
Step 1 - Choose security tagging system
security_tag buckets. These are fully customizable with no strict limit on quantity. For example, you can set
high as a default, with one tag per custom hostname.
If you have not already done so, associate your custom metadata to custom hostnames by including the security_tag in the custom metadata associated with the custom hostname. The JSON blob associated with the custom hostname is fully customizable.
After the association is complete, the JSON blob is added to the defined custom hostname. This blob is then associated to every incoming request and exposed in the WAF through the new field cf.hostname.metadata. In the rule, you can access cf.hostname.metadata and get whatever data you need from that blob.
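The tagging scheme from Step 1, as an added example that is not part of Cloudflare's documentation: it builds the custom_metadata portion of a custom hostname creation body, builds a per-tag rule expression, and audits hostname records for tags that no expression would match. Assumptions: the bucket names low/medium/high, the helper names, the sample records, and the use of the Rules language function lookup_json_string to read security_tag out of cf.hostname.metadata.

```python
# Assumed bucket names; the page says buckets are fully customizable.
ALLOWED_TAGS = ("low", "medium", "high")


def creation_body(hostname, tag):
    """Tagging-related fields of a custom hostname creation body.

    Merge with the other creation fields (for example SSL settings) you use.
    """
    if tag not in ALLOWED_TAGS:
        raise ValueError(f"unknown security_tag {tag!r}")
    return {"hostname": hostname, "custom_metadata": {"security_tag": tag}}


def rule_expression(tag):
    """Expression selecting requests whose hostname metadata carries this tag."""
    if tag not in ALLOWED_TAGS:
        raise ValueError(f"unknown security_tag {tag!r}")
    # String comparison with eq is exact, so "High" does not match "high".
    return f'lookup_json_string(cf.hostname.metadata, "security_tag") eq "{tag}"'


def audit(records):
    """Return (hostname, tag) pairs that none of the per-tag expressions match.

    A hostname with a missing, misspelled or wrongly cased tag falls outside
    every bucket, so no per-tag ruleset deployment applies to its traffic.
    """
    unmatched = []
    for record in records:
        metadata = record.get("custom_metadata") or {}
        tag = metadata.get("security_tag")
        if tag not in ALLOWED_TAGS:
            unmatched.append((record["hostname"], tag))
    return unmatched


# Constructed sample records, shaped like entries in a custom hostname listing.
SAMPLE = [
    {"hostname": "app.customer-a.example", "custom_metadata": {"security_tag": "high"}},
    {"hostname": "shop.customer-b.example", "custom_metadata": None},
    {"hostname": "api.customer-c.example", "custom_metadata": {"security_tag": "High"}},
]

if __name__ == "__main__":
    print(creation_body("app.customer-a.example", "high"))
    print(rule_expression("high"))
    for hostname, tag in audit(SAMPLE):
        print(f"no ruleset bucket matches {hostname}: security_tag={tag!r}")
```

Running the audit before and after each deployment change shows which custom hostnames would receive no managed ruleset because their tag is absent or does not match a bucket exactly.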
Step 2 - Deploy Rulesets
Log in to the Cloudflare dashboard and navigate to your account.
Select Account Home > WAF. WAF at the account level will only be visible on Enterprise plans. If you do not see this option, contact your account manager.
Deploy a managed ruleset.
Field, Select Hostname. Set the operator as equals. The complete expression should look like this, plus any logic you would like to add:
Value, add the custom hostname.
Cloudflare Managed Ruleset card and select Use this Ruleset.
Click the checkbox next to each rule you want to deploy.
Status button next to each rule to enable or disable it. Then select Next.
On the review page, give your rule a descriptive name. You can modify the ruleset configuration by changing, for example, what rules are enabled or what action should be the default.
Deploy. While this tutorial uses Cloudflare Managed Rulesets, you can also create a custom ruleset and deploy it on your custom hostnames. To do this, select Browse Rulesets > Create new ruleset. For examples of a low/medium/high ruleset, refer to WAF for SaaS.