Exclude a prefix

To exclude a prefix or a prefix subset from Advanced DDoS Protection:

1. In the Cloudflare dashboard, go to the L3/4 DDoS protection page.

   Go to DDoS Managed Rules

2. Go to Advanced Protection.

3. Add the prefix you previously onboarded to Magic Transit to Advanced TCP Protection.

4. Add the prefix (or subset) you wish to exclude as a new, separate prefix in Advanced TCP Protection.

5. For the prefix you added in the previous step, select Exclude Subset in the Enrolled Prefixes list.

Note

Prefixes or subsets added as Excluded will not be protected by Advanced TCP Protection.