We are trying to compare AWS WAF vs. Cloudflare WAF and we came into rumors that Cloudflare is not inspection JSON body when considering response for WAF rules.
Is this true? There is no single point in this regards in the documentation.
@hafida or somebody from support? can you chime in and confirm this?
My team is very interested in this topic too. We’ve trying to make a purchase decision between Cloudflare WAF and Azure WAF (using FrontDoor or Application Gateways), but we read something similar to what the original poster said.
or @Wanda might be able to answer this question?