By default, the action you specify in a rule determines the evaluation sequence for your entire ruleset. To learn more, see Actions.
However, order and priority are two options that let you force the evaluation sequence the engine follows before triggering a rule.
Note that the Firewall Rules engine processes rules in parallel. If you specify neither order nor priority in a large ruleset, a matching conflict is possible. To avoid conflicts, Cloudflare strongly recommends explicitly controlling the evaluation sequence of your ruleset via one of the options discussed below.
When you use the order option in the Firewall Rules UI, you are overriding the default evaluation sequence (based on the rule’s action).
Using order for your ruleset evaluation sequence is advantageous when managing under 201 rules because you can use drag and drop functionality.
Currently, Cloudflare supports the order option for up to 200 rules. This applies to the total number of active and inactive rules. Starting at 201, you must manage the execution of your rules using priority.
Cloudflare recommends the priority option when managing a large ruleset (over 200 rules). At that scale, it is more efficient to configure your rules programmatically via the Firewall Rules API or Terraform.
Firewall Rules does not have default priorities and does not force you to have a priority for every rule. This gives you the freedom to organize your ruleset as you deem most appropriate.
The numbering can be relatively arbitrary, as long as it makes sense for your particular situation. However, keep in mind that:
We recommend grouping ranges of priority numbers into meaningful categories. For example:
The example priority numbers above are valid since you can have many more rules than the limit associated with your domain plan. That limit applies solely to active rules.
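The following audit script is an added example, not part of Cloudflare's documentation. It checks a ruleset against the points above: whether the total (active plus inactive) exceeds the 200-rule limit of the order option, which rules have no priority, which share a priority number, and which fall outside your priority categories. The field names (`id`, `action`, `paused`, `priority`), the band ranges, and the sample rules are assumptions constructed for illustration.

```python
ORDER_LIMIT = 200  # the order option covers up to 200 rules, active and inactive

# Hypothetical priority bands (assumption): pick ranges that fit your ruleset.
BANDS = {
    "allowlist": range(1000, 2000),
    "challenge": range(2000, 3000),
    "blocklist": range(5000, 6000),
}

def audit_ruleset(rules, bands=BANDS):
    """Report how a ruleset's evaluation sequence is (or is not) controlled."""
    by_priority = {}
    missing, unbanded = [], []
    for rule in rules:
        prio = rule.get("priority")
        if prio is None:
            # No explicit priority: sequence for this rule is left to defaults.
            missing.append(rule["id"])
            continue
        by_priority.setdefault(prio, []).append(rule["id"])
        if not any(prio in band for band in bands.values()):
            unbanded.append(rule["id"])
    return {
        "total": len(rules),  # paused rules count toward the order limit
        "must_use_priority": len(rules) > ORDER_LIMIT,
        "missing_priority": missing,
        # Rules sharing a number are not sequenced against each other by it.
        "shared_priority": {p: ids for p, ids in by_priority.items() if len(ids) > 1},
        "outside_bands": unbanded,
    }

def sample_rules():
    """Constructed ruleset: 202 rules, some paused, one without a priority."""
    rules = [{"id": f"r{i}", "action": "block", "paused": i % 10 == 0,
              "priority": 5000 + i} for i in range(198)]
    rules += [
        {"id": "allow-office", "action": "allow", "paused": False, "priority": 1000},
        {"id": "allow-vpn", "action": "allow", "paused": False, "priority": 1000},
        {"id": "legacy-log", "action": "log", "paused": True, "priority": None},
        {"id": "adhoc", "action": "block", "paused": False, "priority": 42},
    ]
    return rules

if __name__ == "__main__":
    for key, value in audit_ruleset(sample_rules()).items():
        print(f"{key}: {value}")
```

Running the audit before pushing changes through the API or Terraform surfaces rules whose position in the evaluation sequence is not explicitly controlled.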