Custom Rules allow you to protect your website and your APIs from malicious or excessive incoming traffic.
Use Custom Rules in the Firewall app to define the following rule types:
Custom Firewall rules — Control incoming traffic by filtering requests. Perform actions like Block or JS Challenge on incoming requests according to rules you define.
Rate Limiting rules — Check for excessive incoming traffic and apply mitigation actions.
Custom Rules are built upon the Ruleset Engine which you can use to define rules and actions in several Cloudflare products.
Rule execution order
Cloudflare evaluates different types of rules when processing incoming requests. The rule execution order is the following: