Cloudflare Docs
Edit this page on GitHub
Set theme to dark (⇧+D)


Review the definitions for terms used across Cloudflare’s WAF documentation.

allowlistAn allowlist is a list of items (usually websites, IP addresses, email addresses, etc.) that are permitted to access a system.
attack scoreA number from 1 (likely malicious) to 99 (likely clean) classifying how likely an incoming request is malicious or not. Allows you to detect new attack techniques before they are publicly known.
blocklistA blocklist is a list of items (usually websites, IP addresses, email addresses, etc.) that are prevented from accessing a system.
content objectA content object is any binary part of a request body (as detected by Cloudflare systems) that does not match any of the following content types: text/html, text/x-shellscript, application/json, text/csv, or text/xml.
credential stuffingCredential stuffing is the automated injection of stolen username and password pairs (known as “credentials”) into website login forms, trying to gain access to user accounts.
exposed credentials

Exposed credentials refers to sensitive authentication information disclosed in some way (for example, due to misconfigurations, data breaches, or simple human error), allowing other parties to gain access to digital resources.

Credentials may include usernames, passwords, API keys, authentication tokens, or private keys.

firewallA firewall is a security system that monitors and controls network traffic based on a set of security rules.
mitigated requestA request to which Cloudflare applied a terminating action such as block or challenge.
paranoia levelClassifies rules of the OWASP managed ruleset according to their agressiveness.
rate limitingRate limiting is a technique used in computer systems to control the rate at which requests are processed. It can be used as a security measure to prevent attacks, or to limit resource usage in your origin servers.
SIEMA Security Information and Event Management (SIEM) solution collects, analyzes, and correlates data to help manage security incidents, detect anomalies, and meet compliance requirements.
threat score

The threat score is a score from 0 (zero risk) to 100 (high risk) classifying the IP reputation of a visitor.

IP reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from WAF managed rules and DDoS.