cf.waf.content_scan.obj_results

cf.waf.content_scan.obj_results Array<String>

An array of scan results in the order the content objects were detected in the request.

The possible values are: clean, suspicious, infected, and not scanned.

Requires a Cloudflare Enterprise plan with malicious uploads detection.

Example usage:

# Check if requests to a specific endpoint contain any suspicious or infected content objects
any(cf.waf.content_scan.obj_results[*] in {"suspicious" "infected"}) and http.request.uri.path eq "/upload"

Categories:

Request

Was this helpful?

Resources
API
New to Cloudflare?
Directory
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

Privacy Policy
Terms of Use
Report Security Issues
Trademark