Skip to content
WAF
Visit WAF on GitHub
Set theme to dark (⇧+D)

Available Managed Rulesets

Cloudflare provides the following Managed Rulesets in the WAF:

RulesetDescription
Cloudflare Managed RulesetCreated by the Cloudflare security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives.
Cloudflare Exposed Credentials Check Managed RulesetDeploy an automated credentials check on your end-user authentication endpoints. For any credential pair, the Cloudflare WAF performs a lookup against a public database of stolen credentials.
Cloudflare OWASP Core RulesetCloudflare's implementation of the Open Web Application Security Project, or OWASP ModSecurity Core Rule Set. Cloudflare routinely monitors for updates from OWASP based on the latest version available from the official code repository.
Cloudflare Data Loss Prevention (Beta)Created by Cloudflare to address common data loss threats. These rules run on the response Phase and monitor download of files or specific sensitive data — for example, financial and personally identifiable information.