Overview
Concepts
WAF ML
File scanning
Custom rules
Create custom rules in the dashboard
Create custom rules via API
Configure a rule with the Skip action
API examples
Skip options
Manage custom rules in the dashboard
Firewall rules
Rate limiting rules
Determining the rate
Create rate limiting rules in the dashboard
Create rate limiting rules via API
Rate limiting parameters
Common use cases
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions
Define WAF exceptions in the dashboard
Define WAF exceptions via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Additional tools
IP Access rules
Create a rule
Parameters
Actions
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Changelog
Scheduled changes
2022-08-01
2022-07-25
2022-07-18
2022-07-06
2022-07-05
2022-06-20
2022-06-10 – Emergency
2022-06-07 – Emergency
2022-06-06
2022-06-04 – Emergency
2022-06-03 – Emergency
2022-05-30
2022-05-16
2022-05-10 – Emergency
2022-05-09
2022-04-25
2022-04-20
2022-04-11
2022-04-04 – Emergency
2022-03-31 – Emergency
2022-03-29 – Emergency
2022-03-14
2022-03-07
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Scheduled changes

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Rule ID	Description	Comments
2022-08-08	2022-08-22	Block	100135DBETA	...99de0930	XSS - JS On Events	This detection will replace ...aa290ad9 on new WAF and 100135D on legacy
2022-08-08	2022-08-22	Block	100005BETA	...c4ab1381	DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892	This detection will replace ...1bc977d1 on new WAF and 100005 on legacy
2022-08-08	2022-08-22	Block	N/A	...9b16ea5e	CVE-2020-13443	N/A
2022-08-08	2022-08-22	Block	N/A	...94700cae	Drupal, Magento, PHP - Deserialization - CVE:CVE-2019-6340, CVE:CVE-2016-4010 - 2	N/A
2022-08-08	2022-08-15	Disable	N/A	...8e2e15a5	SQLi - Strict	N/A
2022-08-08	2022-08-15	Disable	N/A	...25ba9d7c	SSRF - Cloud	N/A
2022-08-08	2022-08-15	Disable	N/A	...8242627b	SSRF - Local	N/A
2022-08-08	2022-08-15	Disable	N/A	...74a51804	SSRF - Host	N/A