Cloudflare Docs

Cloudflare Docs

Overview
About
Custom Rules
Custom Firewall rules
Create Custom Firewall rules in the dashboard
Create Custom Firewall rules via API
Configure a rule with the Skip action
API examples
Skip options
Rate Limiting rules
Determining the request rate
Create Rate Limiting rules in the dashboard
Create Rate Limiting rules via API
Rate limiting parameters
Common use cases
Manage Custom Rules in the dashboard
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions
Define WAF exceptions in the dashboard
Define WAF exceptions via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Change log
Scheduled changes
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Managed Rulesets

Cloudflare provides the following Managed Rulesets in the WAF:

Ruleset	Description
Cloudflare Managed Ruleset	Created by the Cloudflare security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives.
Cloudflare OWASP Core Ruleset	Cloudflare's implementation of the Open Web Application Security Project, or OWASP ModSecurity Core Rule Set. Cloudflare routinely monitors for updates from OWASP based on the latest version available from the official code repository.
Cloudflare Exposed Credentials Check	Deploy an automated credentials check on your end-user authentication endpoints. For any credential pair, the Cloudflare WAF performs a lookup against a public database of stolen credentials.

The following rulesets run in the response phase:

Ruleset	Description
Cloudflare Sensitive Data Detection (Beta)	Created by Cloudflare to address common data loss threats. These rules monitor the download of specific sensitive data — for example, financial and personally identifiable information. Available in Firewall > Data.

Phases of deployed Managed Rulesets

When you enable a Managed Ruleset in the WAF tab, you are deploying that Managed Ruleset to the zone-level http_request_firewall_managed phase.

Other Managed Rulesets, like DDoS Managed Rulesets, are deployed to a different phase. Refer to the specific Managed Ruleset documentation for details.

For more information on phases, refer to Phases .