Cloudflare Docs

Cloudflare Docs

Overview
About
Custom Rules
Custom Firewall rules
Create Custom Firewall rules in the dashboard
Create Custom Firewall rules via API
Configure a rule with the Skip action
API examples
Skip options
Rate Limiting rules
Determining the request rate
Create Rate Limiting rules in the dashboard
Create Rate Limiting rules via API
Rate limiting parameters
Common use cases
Manage Custom Rules in the dashboard
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions
Define WAF exceptions in the dashboard
Define WAF exceptions via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Change log
Scheduled changes
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Custom Rules

Custom Rules allow you to protect your website and your APIs from malicious or excessive incoming traffic.

Use Custom Rules in the Firewall app to define the following rule types:

Custom Firewall rules — Control incoming traffic by filtering requests. Perform actions like Block or JS Challenge on incoming requests according to rules you define.
Rate Limiting rules — Check for excessive incoming traffic and apply mitigation actions.

Custom Rules are built upon the Ruleset Engine which you can use to define rules and actions in several Cloudflare products.

Rule execution order

Cloudflare evaluates different types of rules when processing incoming requests. The rule execution order is the following:

Firewall Rules , available in the Firewall Rules tab
Custom Firewall rules , available in the Custom Rules tab
Rate Limiting rules , available in the Custom Rules tab
Managed Rulesets , available in the WAF tab
Rate Limiting Rules (previous version), available in the Tools tab