Creating Custom WAF rules

Overview

Cloudflare has a few ruleset packages that are available for use in Cloudflare's Web Application Firewall (WAF). These are: 

  • Cloudflare Rulesets (predefined),
  • OWASP Rulesets (predefined),
  • Custom WAF Rules (customizable for your business)

Our article, Configuring the WAF, describes the different types of rulesets that you can configure in more detail. This article describes how to create a Custom WAF rule.

Custom WAF Rules, available on the Business and Enterprise plans, are rules that the Cloudflare WAF team writes specifically for a customer, based on that customer's unique requirements and/or their website's traffic patterns. This means that you can ask us to block virtually any combination of characteristics of a request.

This caters for situations where an attacker is using a specific pattern or user agent for which the Cloudflare WAF does not already have a rule, and where the attack may be targeted specifically at your website's structure rather than at other customers. In these situations, you can create a custom rule for your web property.

For example, we can make a rule that blocks a request if the URL contains the word "hello", and the User-Agent contains the word "world", and only if that request's Referer doesn't contain "example.com". The possibilities are endless.

For Custom rules, we will either create a rule as per your requirements, or in some cases, we will review traffic patterns using logs either on our end or from your servers, and come up with the appropriate rules that would protect you from any undesired traffic.
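
Before requesting a rule like the "hello"/"world"/"example.com" example above, you can dry-run its conditions against your own server logs to see which requests it would block. The following is an added example, not Cloudflare's code or rule syntax: it assumes Combined Log Format access logs and case-sensitive substring matching, and the RULE dictionary, function names and sample log lines are all constructed for illustration.

```python
import re

# Combined Log Format: ip ident user [time] "METHOD url PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Hypothetical description of the article's example rule (not a Cloudflare format).
RULE = {"url_contains": "hello", "ua_contains": "world", "referer_not_contains": "example.com"}

# Constructed sample log lines (documentation IP ranges), plus one malformed line.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /hello HTTP/1.1" 200 512 "https://other.test/" "world-bot/1.0"',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0000] "GET /hello HTTP/1.1" 200 512 "https://example.com/page" "world-bot/1.0"',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /hello HTTP/1.1" 200 512 "-" "world-bot/1.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /hello HTTP/1.1" 200 512 "https://other.test/" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "world-bot/1.0"',
    'truncated or malformed line',
]

def parse_line(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def rule_matches(req, rule=RULE):
    """True only when all three conditions hold (logical AND)."""
    referer = "" if req["referer"] == "-" else req["referer"]  # "-" means no Referer was sent
    return (
        rule["url_contains"] in req["url"]
        and rule["ua_contains"] in req["ua"]
        and rule["referer_not_contains"] not in referer  # an absent Referer satisfies this
    )

def dry_run(lines, rule=RULE):
    blocked, allowed, unparsed = [], [], []
    for line in lines:
        req = parse_line(line)
        if req is None:
            unparsed.append(line)      # keep unparsed lines visible, never silently drop them
        elif rule_matches(req, rule):
            blocked.append(req)
        else:
            allowed.append(req)
    return blocked, allowed, unparsed

if __name__ == "__main__":
    blocked, allowed, unparsed = dry_run(SAMPLE_LOG)
    print(f"would block {len(blocked)}, allow {len(allowed)}, unparsed {len(unparsed)}")
```

Note that a request with no Referer header satisfies the "Referer doesn't contain" condition, so it is blocked when the other two conditions match; include that decision in the requirements you send.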


Create a custom WAF rule

There are two ways to create a custom WAF rule:

  1. Request a custom WAF rule via the Cloudflare dashboard: In the Firewall app under the Managed Rules tab, click on Request a rule in the Web Application Firewall section.
  2. Contact Cloudflare Support by submitting a ticket with the relevant WAF rule information.

Custom WAF rules can take up to 3 business days to be implemented fully. This is due to our staff having to build, test, and deploy the rule(s).

If you have any questions, please feel free to chat with other Cloudflare users and administrators in our Cloudflare community.
