Business and Enterprise customers can request custom WAF rules by providing attack traffic logs and suggesting the appropriate mod_security rule syntax.
It shares aspects of a Web application framework and a content management system (CMS).Our web application firewall sits on the same Anycast network that powers our global CDN, HTTP/2, and web optimization features.Our WAF rule sets result in latency of less than 1 millisecond.Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.Cloudflare security engineers constantly monitor the Internet for new vulnerabilities.When we find threats that apply to a large portion of our users, we automatically apply WAF rules to protect their Internet properties.
Let us take care of tracking state-of-the-art hacking techniques so you can focus on creating useful features instead of protecting them from would-be attackers.
Rules created by Cloudflare in response to new threats are responsible for mitigating the vast majority of threats on our network.
While traditional OWASP rules and customer specific rules are important, they are not enough without Cloudflare's automatic WAF updates.
Cloudflare's Free plan has no limit on the amount of bandwidth your visitors use or websites you add.
If you want to make your site even faster and more resilient, you can easily upgrade to one of our higher tier plans.
When one customer requests a new custom WAF rule, we analyze whether it applies to all 7 million domains on our network.