A brief information on Cloudflare custom firewall settings.

Blocking malicious traffic is important to prevent an attack against origin servers. In this tutorial, I would like to describe the custom firewall setting available in Cloudflare dashboard.

Cloudflare is a business focuses on the web site's security and caching. It helps website developers to prevent DDOS (Distributed Denial of Service) attack on the origin web server and to reduce the load on the system.

Cloudflare indeed offers a free plan; to receive Cloudflare benefits all you need is to point the nameserver of your domain to Cloudflare assigned nameserver. The steps are simple and easy to follow. We may discuss it on another blog post.

When we come to the firewall settings, Cloudflare provides 5 rules to manage in the free plan. The response of the matched firewall rule can have 6 types. They are :

1. Log
2. Bypass 
3. Allow 
4. Challenge (or captcha)
5. JS Challenge
6. Block. 

The log is available to Enterprise customers only. All other actions are available in every plan of Cloudflare.

Log

Setting this as the action for a firewall rule will log every matched request in the logs. And this action type is currently only available to Enterprise customers.

Bypass

This will dynamically disable the Cloudflare security features for the matched request. After the bypass action, the request is subjected to evaluation to the rest of the rules by the order.

Allow

All the request which match the rule with action as allow will bypass any challenge or block rule within the firewall custom rules. But are not subjected to IP access or WAF rules.

Challenge

The visitor or client needs to pass a captcha test to see the response from the server. Else the client cannot see the requested content on the web.

JS Challenge

Cloudflare javascript challenge must be passed by the client to see the requested content. Else the request will be blocked.

Block

Every request that matches the rule with this action will be blocked immediately. And the client cannot see the requested content on the web.

Expressions available for fields in firewall rules

There are some default expressions to filter requests to your website. These include AS Num, cookie, Country, Hostname, IP address, Referer, Request Method, URI, etc.. These expressions' operator and value can be set up in the UI itself. Cloudflare also provides the option to do this by coding the expression.

Conclusion

Cloudflare provides custom firewall options to reduce the requests which you feel are malicious for the website. You can customize the request as your wish with the help of adding fields and editing the values of the expression. You can utilize the custom firewall from Cloudflare to block or challenge unwanted requests.