WAF (Web Application Firewall)

Personal Notes for Cloudflare WAF

Overview

Provides both automatic protection from vulnerabilities and the flexibility to create custom rules.

Main features

  • Custom rules: Create your own custom rules to protect your website and your APIs from malicious incoming traffic.

  • Rate limiting rules: Set rate limits for incoming requests matching an expression, and the action to take when those rate limits are reached.

  • WAF Managed Rulesets: Enable the pre-configured Managed Rulesets to get immediate protection. Adjust the behavior of managed rules, choosing from several possible actions.

  • Exposed Credential Checks: Monitor and block the use of stolen/exposed credentials for account takeover.

  • Firewall Analytics: Identify and investigate security threats using an intuitive interface. Tailor your security configurations based on the activity log.

WAF Request Match

This section sets the fields that determine what the WAF applies to.

  • Field: Variable

Step 1: Find WAF in Cloudflare

You can find WAF on the left-hand side under Security.

Step 2: Create Your First Firewall Rule

Step 3: Choose a Guide

Blocking Guides:

Follow our handy guides to get started on the basics as quickly as possible:

  • Block a Country

  • Block a Continent

  • Block by IP Address

CAPTCHA Guides:

Learn the fundamentals of CAPTCHA:

  • Legacy CAPTCHA by Browser

  • Legacy CAPTCHA for Country

  • Legacy CAPTCHA IP Address

  • Legacy CAPTCHA Continent
