Preview rules

Overview

Cloudflare Firewall Rules provides a powerful and flexible platform for filtering HTTP requests and protecting your site amid an evolving threat landscape. However, the same power and flexibility that allows you to tailor Firewall Rules to your specific application and environment can also introduce complexity. In these cases, it is critical that you have a way to test a firewall rule before deploying it so that you can ensure the rule will behave the way you expect.

To help customers understand the potential impact of a rule, Cloudflare has built Rule Preview. With the click of a button, Rule Preview allows you to test a firewall rule against a sample drawn from the last 72 hours of traffic. Rule Preview is built into the Firewall Rules Expression Editor so that you can test a rule as you edit it.

The Rule Preview functionality is available to customers in the Cloudflare Enterprise plan.


Use Rule Preview

To test a firewall rule with Rule Preview:

  1. Locate the desired rule in the Rules List and click the associated Edit button (wrench icon). The Edit Firewall Rule panel will open.
  2. Click Test rule to trigger the test.

firewall rules preview 1

The results of the test are displayed in a plot that simulates how many of the total requests in the last 72 hours would have matched the tested expression. In the screenshot below, a rule created to match all User-Agents that contained the string “Mozilla,” would block about 8% of requests to the zone.


Important Notes

Consider the results of Firewall Preview an indication of traffic levels, not an exact calculation. The sample rate can be as little as 1% of your total traffic.

Rule Preview does not take into account other Cloudflare firewall rules that you have already configured. In effect, Rule Preview tests a single firewall rule in isolation. Firewall Events or any other rules with a higher priority that may have blocked or challenged a request are ignored.

Cloudflare does not store the entirety of requests, so only a limited number of fields are available to Rule Preview. The table below lists the fields that Rule Preview supports (green cells), broken down by operator. Fields and operators that are not supported are not included in this table.

EqualNot equalGreater thanLess thanGreater than or equalLess than or equalInContains
AS Number

ip.geoip.asnum
Country

ip.geoip.country
Hostname

http.host
IP Address

ip.src
Referer

http.referer
Request method

Http.request. method
SSL

ssl
URI

http.request.uri
URI path

http.request.uri.path
URI query string

http.request.uri.query
User agent

http.user_agent