Skip to content
Visit Logs on GitHub
Set theme to dark (⇧+D)

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.


0UnknownTake no other action
1AllowBypass all subsequent WAF rules
2DropBlock with an HTTP 403 response
3Challenge AllowIssue a CAPTCHA challenge
4Challenge DropUnused
5SimulateTake no action other than logging the event
6LogIncrement the anomaly score for OWASP rules. Records actions only if the total anomaly score for all matching OWASP rules exceeds the overall trigger threshold for an OWASP action (challenge, block, simulate)

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

  • WAFFlags
  • WAFMatchedVar