Network-layer DDoS Attack Protection Managed Ruleset
The Cloudflare Network-layer DDoS Attack Protection Managed Ruleset is a set of pre-configured rules used to match at levels 3 and 4 of the OSI model. Cloudflare updates the list of rules in the Managed Ruleset on a regular basis.
The Network-layer DDoS Attack Protection Managed Ruleset is always enabled — you can only customize its behavior.
You may need to adjust the behavior of specific rules in case of false positives or due to specific traffic patterns.
Adjust the behavior of the rules in the Managed Ruleset by modifying the following parameters:
- The action performed when an attack is detected
- The sensitivity level of attack detection mechanisms
To adjust rule behavior, do one of the following:
Overrides can apply to all packets or to a subset of incoming packets, depending on the override expression. Refer to for more information on the available fields for expressions of Network-layer DDoS Attack Protection Managed Ruleset overrides.
The Network-layer DDoS Attack Protection Managed Ruleset protects Cloudflare customers on all plans. However, only Magic Transit and Spectrum customers on an Enterprise plan can customize the Managed Ruleset.
Related Cloudflare products
Magic Transit customers can configure the following additional products:
- Enable to detect and mitigate sophisticated out-of-state TCP attacks such as randomized and spoofed ACK floods or SYN and SYN-ACK floods.
- Create custom rules to block additional network-layer attacks.