Block requests by attack score

Expression: (ip.src.country in {"CN" "TW" "US" "GB"} and cf.waf.score lt 20)
Action: Block

The attack score helps identify variations of known attacks and their malicious payloads.

This example custom rule blocks requests based on country code (ISO 3166-1 Alpha 2 ↗ format), from requests with an attack score lower than 20. For more information, refer to WAF attack score.