Skip to content
Cloudflare Docs

Deploy a WAF managed ruleset in the dashboard

The instructions in this page provide general guidance for deploying and configuring a managed ruleset for a zone.

For more specific instructions, refer to the following pages:

Deploy a managed ruleset

To deploy a managed ruleset for a zone:

  1. In the Cloudflare dashboard, go to the Security Settings page.

    Go to Settings

  2. (Optional) Filter by Web application exploits.

  3. Turn on the managed ruleset(s) you want to deploy:

  4. Review the deployment settings. Edit the scope, if necessary, to apply the ruleset to a subset of the incoming requests, or configure any custom settings (also known as overrides).

  5. Select Save.

This operation deploys the managed ruleset for the current zone, creating a new rule with the Execute action.

To temporarily turn off a managed ruleset without deleting its deployment configuration, use the toggle next to the rule that deploys the managed ruleset.

Configure a managed ruleset

Configure a managed ruleset to:

  • Specify a custom filter expression to apply the rules in the ruleset to a subset of incoming requests.
  • Configure (or override) specific settings for one or more rules (for example, configure a rule with an action different from the default action configured by Cloudflare), or turn off those rules.

To skip one or more rules — or even entire managed rulesets — for specific incoming requests, add an exception.

Configure all the rules in a managed ruleset

To configure (or override) settings for all the rules in a managed ruleset:

  1. In the Cloudflare dashboard, go to the Security rules page.

    Go to Security rules

  2. (Optional) Filter by Managed rules.

  3. Search for the managed ruleset you want to configure. Look for a rule with an Execute action.

  4. Select the rule name (containing the name of the managed ruleset) to open the deployment configuration page.

  5. (Optional) To execute the managed ruleset for a subset of incoming requests, select Edit scope and configure the expression that will determine the scope of the current rule deploying the managed ruleset.

  6. In the ruleset configuration section, define settings for all the rules in the ruleset by setting one or more fields using the drop-down lists.

    For example, select the action to perform for all the rules in the ruleset.

  7. Select Save.

Configure rules of a managed ruleset with specific tags

To configure (or override) settings of rules tagged with specific tags:

  1. In the Cloudflare dashboard, go to the Security rules page.

    Go to Security rules

  2. (Optional) Filter by Managed rules.

  3. Search for the managed ruleset you want to configure/browse. Look for a rule with an Execute action.

  4. Select the rule name (containing the name of the managed ruleset), and then select Browse rules.

  1. Select one or more tags under the search input to filter the rules with those tags, and then select the checkbox in the top left corner of the table to select all the rules shown in the current page.
    If not all the rules are displayed in the current page, extend your selection to all rules with the selected tags across all pages by selecting Select all <NUMBER> rules.

  2. Update one or more settings for the selected rules using the buttons displayed in the top right corner of the table (for example, Set status).

  3. Select Next.

  4. A dialog appears asking you if any new rules with the selected tags should be configured with the field values you selected.

    • Select Include new rules if you want to apply your configurations to any new rules with the select tags.
    • Select Only selected rules to apply your configurations to the selected rules only.

  5. Select Save.

Configure individual rules of a managed ruleset

To configure (or override) settings of individual rules of a managed ruleset:

  1. In the Cloudflare dashboard, go to the Security rules page.

    Go to Security rules

  2. (Optional) Filter by Managed rules.

  3. Search for the managed ruleset you want to configure/browse. Look for a rule with an Execute action.

  4. Select the rule name (containing the name of the managed ruleset), and then select Browse rules.

  1. Search for rules using the available filters.

  2. In the results list, change the values for each rule as desired, using the displayed drop-down lists and toggles. For example, change the status of a rule using the Status toggle next to the rule.

    To configure multiple rules with the same value, select the checkboxes for all the rules you want to configure. If not all the rules are displayed in the current page, you can extend your selection to all rules across all pages by selecting Select all <NUMBER> rules. Then, use the buttons displayed in the top right corner of the table — for example, Set status — to update one or more fields for the selected rules.

  3. Select Next, and then select Save.

Browse the rules of a managed ruleset

You can browse the available rules in a managed ruleset and search for individual rules or tags.

  1. In the Cloudflare dashboard, go to the Security Settings page.

    Go to Settings

  2. (Optional) Filter by Web application exploits.

  3. Find the managed ruleset you want to browse, and select View ruleset.

  4. Review the rules and their tags in the side panel.

Delete a managed ruleset deployment rule or an exception

  1. In the Cloudflare dashboard, go to the Security rules page.

    Go to Security rules

  2. (Optional) Filter by Managed rules.

  3. Search for the managed ruleset you want to configure.

  4. Next to the managed ruleset deployment rule (execute rule) or exception (skip rule) you want to delete, select the three dots > Delete and confirm the operation.