Block requests by attack score
The attack score helps identify variations of known attacks and their malicious payloads.
This example blocks requests based on country code (ISO 3166-1 Alpha 2 ↗ format), from requests with an attack score lower than 20. For more information, refer to WAF attack score.
- Expression:
(ip.src.country in {"CN" "TW" "US" "GB"} and cf.waf.score lt 20) - Action: Block
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark