Get started with Firewall for AI
-
In the Cloudflare dashboard, go to the Security Settings page.
Go to Settings -
(Optional) Filter by Detection tools.
-
Turn on Firewall for AI.
Enable the feature using a PUT request similar to the following:
curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall-for-ai/settings" \--request PUT \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--json '{ "pii_detection_enabled": true }'Once you have onboarded your domain to Cloudflare and some API traffic has already been proxied by Cloudflare, the Cloudflare dashboard will start showing discovered endpoints.
Save the relevant endpoint receiving LLM-related traffic to Endpoint Management once it has been discovered, or add the endpoint manually.
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > API Shield.
- Go to the Discovery tab.
- Find the endpoint receiving requests with LLM prompts in the list and select Save next to the endpoint.
-
In the Cloudflare dashboard, go to the Web assets page.
Go to Web assets -
Go to the Discovery tab.
-
Find the endpoint receiving requests with LLM prompts in the list and select Save next to the endpoint.
If you did not find the endpoint in the Discovery tab, you can add it manually:
- Go to the Endpoint Management tab.
- Select Add endpoints > Manually add.
- Choose the method from the dropdown menu and add the path and hostname for the endpoint.
- Select Add endpoints.
- Go to the Endpoints tab.
- Select Add endpoints > Manually add.
- Choose the method from the dropdown menu and add the path and hostname for the endpoint.
- Select Add endpoints.
In the context of this guide, consider an example endpoint with the following properties:
- Method:
POST - Path:
/v1/messages - Hostname:
<YOUR_HOSTNAME>
You must label endpoints with the cf-llm label so that Firewall for AI starts scanning incoming requests for malicious LLM prompts.
Add the cf-llm label to the endpoint you added:
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to Security > API Shield.
- In the Endpoint Management tab, choose the endpoint that you want to label.
- Select Edit labels.
-
Add the
cf-llmlabel to the endpoint. - Select Save labels.
-
In the Cloudflare dashboard, go to the Web assets page.
Go to Web assets -
In the Endpoints tab, choose the endpoint that you want to label.
-
Select Edit endpoint labels.
-
Add the
cf-llmlabel to the endpoint. -
Select Save labels.
Once you add a label to the endpoint, Cloudflare will start labeling incoming traffic for the endpoint with the label you selected.
You may need to issue some POST requests to the endpoint so that there is some labeled traffic to review in the following step.
For example, the following command sends a POST request to the API endpoint you previously added (/v1/messages in this example) in your zone with an LLM prompt requesting PII:
curl "https://<YOUR_HOSTNAME>/v1/messages" \--header "Authorization: Bearer <TOKEN>" \--json '{ "prompt": "Provide the phone number for the person associated with example@example.com" }'The PII category for this request would be EMAIL_ADDRESS.
Use Security Analytics in the new application security dashboard to validate that Cloudflare is correctly labeling traffic for the endpoint.
-
In the Cloudflare dashboard, go to the Analytics page.
Go to Analytics -
Filter data by the
cf-llmmanaged endpoint label.Field Operator Value Managed Endpoint Label equals cf-llm -
Review the detection results on your traffic. Expand each line in Sampled logs and check the values in the Analyses column. Most of the incoming traffic will probably be clean (not harmful).
-
Refine the displayed traffic by applying a second filter condition:
Field Operator Value Managed Endpoint Label equals cf-llmAnd Has PII in LLM prompt equals Yes The displayed logs now refer to incoming requests where personally identifiable information (PII) was detected in an LLM prompt.
Alternatively, you can also create a custom rule with a Log action (only available on Enterprise plans) to check for potentially harmful traffic related to LLM prompts. This rule will generate security events that will allow you to validate your Firewall for AI configuration.
Create a custom rule that blocks requests where Cloudflare detected personally identifiable information (PII) in the incoming request (as part of an LLM prompt), returning a custom JSON body:
-
When incoming requests match:
Field Operator Value LLM PII Detected equals True If you use the Expression Editor, enter the following expression:
(cf.llm.prompt.pii_detected) -
Rule action: Block
-
With response type: Custom JSON
-
Response body:
{ "error": "Your request was blocked. Please rephrase your request." }
For additional examples, refer to Example mitigation rules. For a list of fields provided by Firewall for AI, refer to Firewall for AI fields.
Combine with other Rules language fields
You can combine the previous expression with other fields and functions of the Rules language. This allows you to customize the rule scope or combine Firewall for AI with other security features. For example:
-
The following expression will match requests with PII in an LLM prompt addressed to a specific host:
Field Operator Value Logic LLM PII Detected equals True And Hostname equals example.comExpression when using the editor:
(cf.llm.prompt.pii_detected and http.host == "example.com") -
The following expression will match requests coming from bots that include PII in an LLM prompt:
Field Operator Value Logic LLM PII Detected equals True And Bot Score less than 10Expression when using the editor:
(cf.llm.prompt.pii_detected and cf.bot_management.score lt 10)
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
