Skip to content
Cloudflare Docs logomark
Cloudflare
Docs
WAF
Navigation menu icon
Open external link
Cloudflare Docs logomark
Cloudflare
Docs
WAF
Dropdown icon
WAF menu
Cloudflare WAF homepage
Cloudflare homepage
Overview
Get started
Expand: Concepts
Concepts
WAF attack score
Expand: Uploaded content scanning
Uploaded content scanning
Get started
Example rules
Common API calls
Expand: Custom rules
Custom rules
Create in the dashboard
Create via API
Expand: Configure a rule with the Skip action
Configure a rule with the Skip action
API examples
Skip options
Expand: Common use cases
Common use cases
Allow traffic from IP addresses in allowlist only
Allow traffic from search engine bots
Allow traffic from specific countries only
Block Microsoft Exchange Autodiscover requests
Block requests by Threat Score
Block traffic from specific countries
Challenge bad bots
Configure token authentication
Exempt partners from Hotlink Protection
Require a specific cookie
Require known IP addresses in site admin area
Require specific HTTP headers
Require specific HTTP ports
Stop R-U-Dead-Yet? (R.U.D.Y.) attacks
Update custom rules for customers or partners
Expand: Custom rulesets
Custom rulesets
Use the dashboard
Use the API
Expand: Rate limiting rules
Rate limiting rules
Request rate calculation
Create in the dashboard for a zone
Create in the dashboard for an account
Create via API
Find appropriate rate limit
Rate limiting parameters
Rule examples
Best practices
Expand: Managed rules
Managed rules
Deploy in the dashboard for a zone
Deploy in the dashboard for an account
Deploy via API
Handle false positives
Expand: Create exceptions
Create exceptions
Add an exception in the dashboard
Add an exception via API
Expand: Log the payload of matched rules
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Store decrypted matched payloads in logs
Expand: Command-line operations
Command-line operations
Generate a key pair
Decrypt the payload content
Expand: Check for exposed credentials
Check for exposed credentials
How it works
Configure via API
Test your configuration
Monitor exposed credentials events
Expand: Rulesets reference
Rulesets reference
Cloudflare Managed Ruleset
Expand: Cloudflare OWASP Core Ruleset
Cloudflare OWASP Core Ruleset
Concepts
Example
Configure in the dashboard
Configure via API
Configure in Terraform
External link icon
Open external link
Cloudflare Exposed Credentials Check Managed Ruleset
Cloudflare Sensitive Data Detection
Expand: Additional tools
Additional tools
Expand: Lists
Lists
Custom lists
Bulk Redirect Lists
External link icon
Open external link
Managed Lists
Create in the dashboard
Use lists in expressions
Expand: Lists API
Lists API
JSON object
Endpoints
Expand: IP Access rules
IP Access rules
Create a rule
Parameters
Actions
Expand: Scrape Shield
Scrape Shield
Email Address Obfuscation
Server-side Excludes (SSE)
Hotlink Protection
User Agent Blocking
Zone Lockdown
Browser Integrity Check
Challenge Passage
Privacy Pass
Replace insecure JS libraries
Security Level
Expand: Analytics
Analytics
Security Analytics
Expand: Security Events
Security Events
Free plan
Paid plans
Additional information
Expand: Reference
Reference
Alerts
Phases
Challenges
Expand: Migration guides
Migration guides
WAF Managed Rules migration
Firewall Rules to WAF custom rules migration
Rate limiting (previous version) deprecation
Expand: Legacy features
Legacy features
Expand: WAF managed rules (previous version)
WAF managed rules (previous version)
Troubleshooting
Expand: Rate Limiting (previous version)
Rate Limiting (previous version)
Troubleshooting
Expand: Troubleshooting
Troubleshooting
Bing's Site Scan blocked by a managed rule
Issues sharing to Facebook
SameSite cookie interaction with Cloudflare
FAQ
Glossary
Expand: Changelog
Changelog
General updates
Scheduled changes
2024-06-18 - Emergency
2024-06-06 - Emergency
2024-05-30 - Emergency
2024-05-29 - Emergency
2024-05-21
2024-05-14
2024-05-08
2024-05-06
2024-04-24
2024-04-22
2024-04-16 - Emergency
2024-04-15
2024-04-08
2024-03-18
2024-03-11
2024-03-04
2024-02-26
2024-02-20
2024-02-12
2024-02-05
2024-01-22 - Emergency
2024-01-17 - Emergency
2024-01-16
2024-01-04
Historical (2023)
Historical (2022)
Historical (2021)
Historical (2020)
Historical (2019)
Historical (2018)
Edit
Edit this page
Issue
Report an issue with this page
Log in
Log into the Cloudflare dashboard
Search icon (depiction of a magnifying glass)
Light theme icon (depiction of a sun)
Dark theme icon (depiction of a moon)
Set theme to dark (⇧+D)
↑ Top
Products
WAF
Reference
Reference
Alerts
Phases
Challenges
Migration guides
Legacy features