Skip to content
WAF
Visit WAF on GitHub
Set theme to dark (⇧+D)

HTTP DDoS Managed Ruleset override parameters

Configure overrides for the Cloudflare HTTP DDoS Managed Ruleset to change the action applied to a given attack or modify the sensitivity level of the detection mechanism. Define these overrides at the account level or at the zone level.

You can override the following rule properties:

Action

API property name: "action".

The action that the WAF will perform for requests that match specific rules of Cloudflare's DDoS mitigation services. The available actions are:

  • Log

    • API value: "log".
    • Only available on Enterprise plans. Logs requests that match the expression of a rule detecting layer 7 DDoS attacks. Recommended for validating a rule before committing to a more severe action.
  • Block

    • API value: "block".
    • Blocks HTTP requests that match the rule expression.
  • Challenge (CAPTCHA)

    • API value: "challenge".
    • Presents a CAPTCHA challenge to the clients making HTTP requests that match a rule expression.
  • Force Connection Close

  • DDoS Dynamic

    • API value: N/A (internal rule action that you cannot use in overrides).
    • Performs a specific action according to a set of internal guidelines defined by Cloudflare. The executed action can be one of the above or an undisclosed mitigation action.

Sensitivity

API property name: "sensitivity_level".

Defines how sensitive a rule is. Affects the thresholds used to determine if an attack should be mitigated. A higher sensitivity level means having a lower threshold, while a lower sensitivity level means having a higher threshold.

The available sensitivity levels are:

UI valueAPI value
High"default"
Medium"medium"
Low"low"
Essentially Off"eoff"

You cannot increase the sensitivity level beyond High ("default").