About Cloudflare Firewall Rules
Flexibility and control
Cloudflare Firewall Rules is a flexible and intuitive framework for filtering HTTP requests. It gives you fine-grained control over which requests reach your applications.
Firewall Rules complements existing Cloudflare tools by allowing you to create rules that combine a variety of techniques. For example, rather than managing 3 independent rules in 3 different places, you can easily create a single firewall rule that blocks traffic to a URI when the request comes from a particular IP and the user-agent matches a specific string or a pattern. Once you are satisfied with the rule, you can deploy it yourself, immediately.
Fundamentally, Firewall Rules gives you the power to proactively inspect incoming site traffic and automatically respond to threats. You define expressions that tell Cloudflare what to look for and specify the appropriate action to take when those criteria are satisfied.
It is a simple concept, but like the Wireshark Display Filter language that inspired our own expression language, the Firewall Rules language is a powerful tool that allows organizations to rapidly adapt to a constantly evolving threat landscape.
Working with Firewall Rules
Firewall Rules tab
The Rules List gives you a snapshot of recent activity and allows you to manage firewall rules in a single convenient location (see image below).
Both the Create Firewall and Edit Firewall panels include the visual Expression Builder (outlined below, in orange), which is an excellent tool to start with.
Advanced users will appreciate the Expression Editor (shown below), which trades the visual simplicity of the builder for the raw power of the . The editor also supports advanced features, such as grouping symbols, for constructing highly sophisticated, targeted rules.
Firewall Rules APIs
Cloudflare Firewall Rules is available to all customers. Keep in mind that the number of firewall rules you can have active on your account is based on your type of plan, as is support for the Log action and support for regular expressions.
This table outlines the Firewall Rules features and entitlements available with each customer plan:
Those eager to dive straight into the technical details can refer to these topics: