Cloudflare Docs

Cloudflare Docs

Overview
Logpush
Edge Log Delivery
Get started
Permissions
API configuration
Enable destinations
Enable Cloudflare R2
Enable HTTP destination
Enable Amazon S3
Enable S3-compatible endpoints
Enable Datadog
Enable Elastic
Enable Google Cloud Storage
Enable BigQuery
Enable Microsoft Azure
Enable New Relic
Enable Splunk
Enable other providers
Enable Sumo Logic
Enable IBM QRadar
Logpush alerts and analytics
Tutorials
Parse Cloudflare Logs JSON data
Logpush examples
Manage Logpush with cURL
Manage Logpush with Python
Reference
Log Output Options
Filters
Custom fields
Log fields
Zone-scoped datasets
DNS logs
Firewall events
HTTP requests
NEL reports
Page Shield events
Spectrum events
Account-scoped datasets
Access requests
Audit logs
CASB Findings
Device posture results
DNS Firewall Logs
Gateway DNS
Gateway HTTP
Gateway Network
Magic IDS Detections
Network Analytics Logs
Sinkhole HTTP Logs
Workers Trace Events
Zero Trust Network Session Logs
Pathing status
Security fields
WAF fields
ClientRequestSource field
Change notices
2023-02-01 - Updates to security fields
Glossary
Instant Logs
Logs Engine
Log Explorer (beta)
Logpull
Understanding the basics
Enabling log retention
Requesting logs
Additional details
FAQ

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAF Action

Value	Action	Description
`0`	Unknown	Take no other action.
`1`	Allow	Bypass all subsequent WAF rules.
`2`	Block	Block with an HTTP 403 response.
`3`	Challenge Allow	Issue a Managed Challenge.
`4`	Challenge Drop	Unused.
`5`	Log	Take no action other than logging the event.

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

WAFFlags
WAFMatchedVar