Managed Rules
The Cloudflare WAF includes pre-configured managed rulesets that you can deploy. These managed rulesets provide immediate protection against:
- Zero-day vulnerabilities
- Top-10 attack techniques
- Use of stolen/leaked credentials
- Extraction of sensitive data
The WAF's managed rulesets are regularly updated. Each rule has a default action that varies according to the severity of the rule. You can adjust the behavior of specific rules, choosing from several possible actions.
Rules of managed rulesets have associated tags (such as wordpress
) that allow you to search for a specific group of rules and configure them in bulk.
By default, Cloudflare offers the following rulesets:
- Cloudflare Managed Ruleset
- Cloudflare OWASP Core Ruleset
- Cloudflare Exposed Credentials Check Managed Ruleset