Skip to content
Cloudflare Docs

Custom rules

Custom rules allow you to control incoming traffic by filtering requests to a zone. They work as customized web application firewall (WAF) rules that you can use to perform actions like Block or Managed Challenge on incoming requests.

In the new security dashboard, custom rules are one of the available types of security rules. Security rules perform security-related actions on incoming requests that match specified filters.

Like other rules evaluated by Cloudflare's Ruleset Engine, custom rules have the following basic parameters:

  • An expression that specifies the criteria you are matching traffic on using the Rules language.
  • An action that specifies what to perform when there is a match for the rule.

The custom rules documentation includes examples for common use cases.

Skip rules

You can skip one or more Cloudflare security features using a custom rule configured with the Skip action. These rules are also known as skip rules. Refer to Skip options for more information on the features you can skip.