Traffic detections

WAF traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more scores — available in the Security Analytics dashboard — that you can use in WAF rule expressions.

The WAF currently provides the following detections for finding security threats in incoming requests:

• WAF attack score
• Leaked credentials detection
• Malicious uploads detection
• Bot score

Availability

	Free	Pro	Business	Enterprise
Availability	Yes	Yes	Yes	Yes
Malicious uploads detection	No	No	No	Paid add-on
Leaked credentials detection	Yes	Yes	Yes	Yes
Leaked credentials fields	Password Leaked	Password Leaked, User and Password Leaked	Password Leaked, User and Password Leaked	All leaked credentials fields
Number of custom detection locations	0	0	0	10
Attack score	No	No	One field only	Yes

For more information on bot score, refer to the Bots documentation.

Turn on a detection

To turn on a traffic detection:

1. Log in to the Cloudflare dashboard ↗, and select your account and domain.
2. Go to Security > Settings.
3. Under Incoming traffic detections, turn on the desired detections.

Enabled detections will run for all incoming traffic.

Note

Currently, you cannot manage the bot score and attack score detections from the Security > Settings page. Refer to the documentation of each feature for availability details.

More resources

For more information on detection versus mitigation, refer to Concepts.