Cloudflare Docs

Cloudflare Docs

Overview
Concepts
WAF attack score
Uploaded content scanning
Get started
Example rules
Common API calls
Custom rules
Create custom rules in the dashboard
Create custom rules via API
Configure a rule with the Skip action
API examples
Skip options
Common use cases
Allow traffic from search engine bots
Allow traffic from specific countries only
Block Microsoft Exchange Autodiscover requests
Block requests by Threat Score
Challenge bad bots
Configure token authentication
Exempt partners from Hotlink Protection
Require a specific cookie
Require known IP addresses in site admin area
Require specific HTTP headers
Require specific HTTP ports
Stop R-U-Dead-Yet? (R.U.D.Y.) attacks
Update custom rules for customers or partners
Custom rulesets
Use the dashboard
Use the API
Rate limiting rules
Request rate calculation
Create in the dashboard for a zone
Create in the dashboard for an account
Create via API
Find appropriate rate limit
Rate limiting parameters
Rule examples
Best practices
Managed rules
Deploy in the dashboard for a zone
Deploy in the dashboard for an account
Deploy via API
Handle false positives
Create exceptions
Add an exception in the dashboard
Add an exception via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Check for exposed credentials
How it works
Configure via API
Test your configuration
Monitor exposed credentials events
Rulesets reference
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Concepts
Example
Configure in the dashboard
Configure via API
Configure in Terraform
Cloudflare Exposed Credentials Check Managed Ruleset
Additional tools
Lists
Custom lists
Bulk Redirect Lists
Managed Lists
Create in the dashboard
Use lists in expressions
Lists API
JSON object
Endpoints
IP Access rules
Create a rule
Parameters
Actions
Scrape Shield
Email Address Obfuscation
Server-side Excludes (SSE)
Hotlink Protection
User Agent Blocking
Zone Lockdown
Browser Integrity Check
Challenge Passage
Privacy Pass
Security Level
Analytics
Security Analytics
Security Events
Free plan
Paid plans
Additional information
Reference
Alerts
Phases
Challenges
Migration guides
WAF Managed Rules migration
Firewall Rules to WAF custom rules migration
Rate limiting (previous version) deprecation
Legacy features
WAF managed rules (previous version)
Troubleshooting
Rate Limiting (previous version)
Troubleshooting
Troubleshooting
Bing's Site Scan blocked by a managed rule
Issues sharing to Facebook
SameSite cookie interaction with Cloudflare
FAQ
Glossary
Changelog
Scheduled changes
2024-04-24
2024-04-22
2024-04-16 - Emergency
2024-04-15
2024-04-08
2024-03-18
2024-03-11
2024-03-04
2024-02-26
2024-02-20
2024-02-12
2024-02-05
2024-01-22 - Emergency
2024-01-17 - Emergency
2024-01-16
2024-01-04
Historical (2023)
Historical (2022)
Historical (2021)
Historical (2020)
Historical (2019)
Historical (2018)

Glossary

Review the definitions for terms used across Cloudflare’s WAF documentation.

Text search

Term	Definition
allowlist	An allowlist is a list of items (usually websites, IP addresses, email addresses, etc.) that are permitted to access a system.
attack score	A number from 1 (likely malicious) to 99 (likely clean) classifying how likely an incoming request is malicious or not. Allows you to detect new attack techniques before they are publicly known.
blocklist	A blocklist is a list of items (usually websites, IP addresses, email addresses, etc.) that are prevented from accessing a system.
content object	A content object is any binary part of a request body (as detected by Cloudflare systems) that does not match any of the following content types: `text/html`, `text/x-shellscript`, `application/json`, `text/csv`, or `text/xml`.
credential stuffing	Credential stuffing is the automated injection of stolen username and password pairs (known as “credentials”) into website login forms, trying to gain access to user accounts.
exposed credentials	Exposed credentials refers to sensitive authentication information disclosed in some way (for example, due to misconfigurations, data breaches, or simple human error), allowing other parties to gain access to digital resources. Credentials may include usernames, passwords, API keys, authentication tokens, or private keys.
firewall	A firewall is a security system that monitors and controls network traffic based on a set of security rules.
mitigated request	A request to which Cloudflare applied a terminating action such as block or challenge.
paranoia level	Classifies rules of the OWASP managed ruleset according to their aggressiveness.
rate limiting	Rate limiting is a technique used in computer systems to control the rate at which requests are processed. It can be used as a security measure to prevent attacks, or to limit resource usage in your origin servers.
SIEM	A Security Information and Event Management (SIEM) solution collects, analyzes, and correlates data to help manage security incidents, detect anomalies, and meet compliance requirements.
threat score	The threat score is a score from 0 (zero risk) to 100 (high risk) classifying the IP reputation of a visitor. IP reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from WAF managed rules and DDoS.