Cloudflare Firewall Rules is a flexible and intuitive framework for filtering HTTP requests. It gives you fine-grained control over which requests reach your applications.
Firewall Rules complements existing Cloudflare tools by allowing you to create rules that combine a variety of techniques. For example, rather than managing 3 independent rules in 3 different places, you can easily create a single firewall rule that blocks traffic to a URI when the request comes from a particular IP and the user-agent matches a specific string or a pattern. Once you are satisfied with the rule, you can deploy it yourself, immediately.
Fundamentally, Firewall Rules gives you the power to proactively inspect incoming site traffic and automatically respond to threats. You define expressions that tell Cloudflare what to look for and specify the appropriate action to take when those criteria are satisfied.
It is a simple concept, but like the Wireshark Display Filter language that inspired our own expression language, the Firewall Rules language is a powerful tool that allows organizations to rapidly adapt to a constantly evolving threat landscape.
To configure Firewall Rules from the the Cloudflare dashboard, use the Firewall Rules tab in the Firewall app. For more, see Manage rules in the Cloudflare dashboard.
You can also manage Firewall Rules through Terraform. For more, see Getting Started with Terraform.
The Firewall Rules tab gives you a snapshot of recent activity and allows you to manage firewall rules in a single convenient location.
Both the Create Firewall and Edit Firewall pages include the visual Expression Builder (outlined below, in orange), which is an excellent tool to start with.
Advanced users will appreciate the Expression Editor, which trades the visual simplicity of the builder for the power of the Cloudflare Firewall Rules language. It offers access to advanced features, such as grouping symbols, for constructing highly sophisticated, targeted rules.
Power users, particularly those who develop large numbers of firewall rules, and developers can use the Cloudflare API to programmatically manage Firewall Rules (see Manage rules via the API).
Cloudflare Firewall Rules is available to all customers. Keep in mind that the number of firewall rules you can have active on your account is based on your Cloudflare plan. The table below outlines the entitlements and features available with each plan.
|Supported actions||All except Log||All except Log||All except Log||All|
|Regular expression support||No||No||Yes||Yes|
|Number of Rules Lists||1||10||10||10|
Unless you are already an advanced user, we recommend you first learn about the Expressions and Actions topics and then move on to the Create, edit, and delete rules topic. Those eager to dive straight into the technical details should see Firewall Rules language.