Cloudflare Docs
Firewall
Cloudflare Docs
Firewall
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Preview Firewall Rules

Overview

Cloudflare Firewall Rules provides a powerful and flexible platform for filtering HTTP requests and protecting your site amid an evolving threat landscape. However, the same power and flexibility that allows you to tailor Firewall Rules to your specific application and environment can also introduce complexity. In these cases, it is critical that you have a way to test a Firewall Rule before deploying it so that you can ensure the rule will behave the way you expect.

To help customers understand the potential impact of a rule, Cloudflare has built Rule Preview. With the click of a button, Rule Preview allows you to test a Firewall Rule against a sample drawn from the last 72 hours of traffic. Rule Preview is built into the Firewall Rules Expression Editor so that you can test a rule as you edit it.

Use Rule Preview

To test a Firewall Rule with Rule Preview:

  1. Locate the desired rule in the Rules List and click the associated Edit button (wrench icon). The Edit Firewall Rule panel will open.
  2. Click Test rule to trigger the test.

Expression Builder Test Rule button

The results of the test are displayed in a plot that simulates how many of the total requests in the last 72 hours would have matched the tested expression.

In this screenshot, a rule that matches all User-Agents that contain the string Mozilla would block about 8% of requests to the zone:

Example rule preview results chart

Important Notes

Consider the results of Firewall Preview an indication of traffic levels, not an exact calculation. The sample rate can be as little as 1% of your total traffic.

Rule Preview does not take into account other Cloudflare Firewall Rules that you have already configured. In effect, Rule Preview tests a single Firewall Rule in isolation. Firewall Events or any other rules with a higher priority that may have blocked or challenged a request are ignored.

You cannot test Firewall Rules that reference IP Lists .

Cloudflare does not store the entirety of requests, so only a limited number of fields are available to Rule Preview. The table below lists the fields that Rule Preview supports (green cells), broken down by operator. Fields and operators that are not supported are not included in this table.

EqualNot equalGreater thanLess thanGreater than or equalLess than or equalInContains
AS Number

ip.geoip.asnum

Country

ip.geoip.country

Hostname

http.host

IP Address

ip.src

Referer

http.referer

Request method

http.request.method

SSL

ssl

URI

http.request.uri

URI path

http.request.uri.path

URI query string

http.request.uri.query

User agent

http.user_agent