Skip to content
Visit WAF on GitHub
Set theme to dark (⇧+D)

HTTP DDoS Managed Ruleset parameters

Configure the Cloudflare HTTP DDoS Managed Ruleset to change the action applied to a given attack or modify the sensitivity level of the detection mechanism. You can configure the Managed Ruleset in the Cloudflare dashboard or define overrides via Rulesets API.

The available parameters are the following:


API property name: "action".

The action that the WAF will perform for requests that match specific rules of Cloudflare's DDoS mitigation services. The available actions are:

  • Log

    • API value: "log".
    • Only available on Enterprise plans. Logs requests that match the expression of a rule detecting layer 7 DDoS attacks. Recommended for validating a rule before committing to a more severe action.
  • Block

    • API value: "block".
    • Blocks HTTP requests that match the rule expression.
  • Challenge (CAPTCHA)

    • API value: "challenge".
    • Presents a CAPTCHA challenge to the clients making HTTP requests that match a rule expression.
  • Force Connection Close

  • DDoS Dynamic

    • API value: N/A (internal rule action that you cannot use in overrides).
    • Performs a specific action according to a set of internal guidelines defined by Cloudflare. The executed action can be one of the above or an undisclosed mitigation action.


API property name: "sensitivity_level".

Defines how sensitive a rule is. Affects the thresholds used to determine if an attack should be mitigated. A higher sensitivity level means having a lower threshold, while a lower sensitivity level means having a higher threshold.

The available sensitivity levels are:

UI valueAPI value
Essentially Off"eoff"

You cannot increase the sensitivity level beyond High ("default").