Cloudflare Docs

Cloudflare Docs

Overview
Concepts
WAF ML
Uploaded content scanning
Custom rules
Create custom rules in the dashboard
Create custom rules via API
Configure a rule with the Skip action
API examples
Skip options
Manage custom rules in the dashboard
Firewall rules
Rate limiting rules
Determining the rate
Create in the dashboard for a zone
Create rate limiting rules via API
Rate limiting parameters
Common use cases
Managed Rulesets
Deploy in the dashboard for a zone
Deploy in the dashboard for an account
Deploy via API
Ruleset reference
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Defining WAF exceptions
Define WAF exceptions in the dashboard
Define WAF exceptions via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Custom rulesets
Use the dashboard
Use the API
Additional tools
IP Access rules
Create a rule
Parameters
Actions
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Reference
Alerts
Phases
Changelog
Scheduled changes
2022-09-20 – Emergency
2022-09-12
2022-09-05
2022-08-30
2022-08-22
2022-08-15
2022-08-01
2022-07-25
2022-07-18
2022-07-06
2022-07-05
2022-06-20
2022-06-10 – Emergency
2022-06-07 – Emergency
2022-06-06
2022-06-04 – Emergency
2022-06-03 – Emergency
2022-05-30
2022-05-16
2022-05-10 – Emergency
2022-05-09
2022-04-25
2022-04-20
2022-04-11
2022-04-04 – Emergency
2022-03-31 – Emergency
2022-03-29 – Emergency
2022-03-14
2022-03-07
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

WAF phases

The Web Application Firewall provides the following phases where you can create rulesets and rules:

http_request_firewall_custom
http_ratelimit
http_request_firewall_managed

These phases exist both at the account level and at the zone level. Considering the available phases and the two different levels, rules will be evaluated in the following order:

WAF feature	Scope	Phase	Ruleset kind	Location in the dashboard
Custom rulesets	Account	`http_request_firewall_custom`	`custom` (create) `root` (deploy)	Account Home > Application Security > WAF > Custom rulesets
Custom rules	Zone	`http_request_firewall_custom`	`zone`	Your zone > Security > WAF > Custom rules
Rate limiting rules	Account	`http_ratelimit`	`root`	N/A
Rate limiting rules	Zone	`http_ratelimit`	`zone`	Your zone > Security > WAF > Rate limiting rules
WAF Managed Rulesets	Account	`http_request_firewall_managed`	`root`	Account Home > Application Security > WAF > Managed rulesets
WAF Managed Rulesets	Zone	`http_request_firewall_managed`	`zone`	Your zone > Security > WAF > Managed rules

To learn more about phases, refer to Phases in the Ruleset Engine documentation.