This article follows on from the previous post on “How to set your Cloudflare web application firewall to simulate mode“.
Ideally, you have been able to set your web application firewall (WAF) to “On” and it is now tracking events as “simulate, block, or challenge” modes.
How to customise your Cloudflare firewall for your business
Step 1 – Find your Firewall Events logs
You can check your ‘Firewall Events” log in the “Traffic” tab and changing settings in “Firewall” tab. This Firewall Events section will detail requests affected by both IP Firewall and Web Application Firewall (WAF) rules.
Step 2 – Check your Firewall Events logs
- Simulate: Logs the event and does not block or challenge the visitor (you can still decide to set to a block or challenge after review of the event).
- Block: Block will block visitors from that IP from accessing the site.
- Challenge: Will display a challenge (captcha) page before the visitor can enter the site to simulate and start tracking firewall event actions it would have taken.
Step 3 – View each Firewall event details
You might be wondering, why not block or challenge everything?
Step 4 – Look up the Firewall Rule Triggered
Step 4.1 Find “Rule details” under “Package: Cloudflare Rule Set”
Under the “Firewall” tab> “Web Application Firewall”> Click on “Rule details” under the “Package: Cloudflare Rule Set”
Step 4.2 Find “Advanced”
Step 4.3 Review Cloudflare Firewall rules by Rule ID