What is the difference between a High and Low WAF setting?

There are two settings for the Cloudflare Web Application Firewall (WAF): ‘High’ and ‘Low’. You choose Low or High on a website-by-website basis to determine how aggressively the security settings are enforced. A ‘Low’ setting means that the WAF will enforce the filtering rules less aggressively than ‘High’.

Which setting is appropriate for your site depends on several factors, including the type of business and your business operations. If your business operates within an industry whose normal content may trigger the WAF, then the ‘Low’ setting is more appropriate. As an example, if your website sells watches, you may want to choose ‘Low’ because your visitors are likely posting comments about Rolex in a legitimate fashion.

If your business operations include uploading large files to your origin server, then the ‘Low’ setting is more appropriate. On a ‘High’ setting, uploading large files will trigger the firewall since this is a common attack vector.  

For a business website, we recommend you set the Web Application Firewall to ‘Low’ initially. You will be able to see which attacks are getting blocked. If you need to move to the higher setting, that change will take effect within two minutes.

Note: If the Web Application Firewall is being triggered in the admin section of your site (yoursite.com/admin), we strongly recommend setting a Page Rule to exclude the admin section of your site from being affected by the WAF. You can also whitelist your IP to override the challenge behavior for the WAF.
