WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAFAction

ValueAction
0Unknown
1Allow
2Drop
3Challenge Allow
4Challenge Drop
5Simulate
6Log

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

  • WAFFlags
  • WAFMatchedVar