Cloudflare Docs
Visit Logs on GitHub
Set theme to dark (⇧+D)

Firewall fields

The Firewall fields contain rules to block requests that contain specific types of content.

​​ FirewallMatchesActions

unknownUnknownTake no other action.
allowAllowBypass all subsequent rules.
blockDropBlock with an HTTP 403 response.
challengeChallenge DropIssue a CAPTCHA challenge.
jschallengeChallenge DropIssue a JS challenge.
logLogTake no action other than logging the event.
connectionCloseCloseClose connection.
challengeSolvedAllowAllow once CAPTCHA challenge solved.
challengeFailedDropBlock following invalid CAPTCHA solve attempt.
challengeBypassedAllowCAPTCHA challenge is not issued again because the visitor had previously passed a CAPTCHA challenge and a valid cf_clearance cookie is present.
jschallengeSolvedAllowAllow once JS challenge solved.
jschallengeFailedDropDrop if JS challenge failed.
jschallengeBypassedAllowJS challenge not issued because the visitor had previously passed a JS or CAPTCHA challenge.
bypassAllowBypass all subsequent firewall rules.
managedChallengeChallenge DropIssue managed challenge.
managedChallengeNonInteractiveSolvedAllowAllow once the managed challenge is solved via non-interactive interstitial page.
managedChallengeInteractiveSolvedAllowAllow once the managed challenged is solved via interactive interstitial page.
managedChallengeBypassedAllowChallenge was not presented because visitor had clearance from previous challenge.

​​ FirewallMatchesSources

unknownUsed if an event is received from a new source but the logging system has not been updated.
asnAllow or block based on autonomous system number.
countryAllow or block based on country.
ipAllow or block based on IP address.
ipRangeAllow or block based on range of IP addresses.
securityLevelAllow or block based on requester’s security level.
zoneLockdownRestrict all access to a specific zone.
wafAllow or block based on the WAF product settings. This is the WAF/managed rules system that is being phased out.
firewallRulesAllow or block based on a zone’s firewall rules configuration.
uaBlockAllow or block based on the Cloudflare User Agent Blocking product settings.
rateLimitAllow or block based on a rate limiting rule, whether set by you or by Cloudflare.
bicAllow or block based on the Browser Integrity Check product settings.
hotAllow or block based on the Hotlink Protection product settings.
l7ddosAllow or block based on the L7 DDoS product settings.
validationAllow or block based on a request that is invalid (cannot be customized.)
botFightAllow or block based on the Bot Fight Mode (classic) product settings.
botManagementAllow or block based on the Bot Management product settings.
dlpAllow or block based on the Data Loss Prevention product settings.
firewallManagedAllow or block based on the Firewall Managed Rules product settings.
firewallCustomAllow or block based on a rule configured in the Firewall Custom Rulesets.