Estimated timeline of new Firewall rules bypass action

Other Community threads mention that the “bypass” feature is not yet available for the “new” WAF that was rolled out in the last few months. I have 3 questions:

  1. Is this “bypass” feature others are mentioning the same thing as the “bypass” action that is available for user-created firewall rules? The idea being that you manually create a bypass rule to allow traffic that match certain criteria to bypass multiple CF security features, as opposed to creating a Page Rule to disable the WAF for a specific URL.

  2. Is there an estimated timeline for when this bypass feature will be implemented? If so, where is that information available?

  3. Is this lack of a bypass feature also related to the reason why I am unable to configure my OWASP managed ruleset default action to be “Log”? Despite being the global admin for our CF account, when trying to configure this I receive a “not entitled to use the log action (Code: undefined)” error.


Good one,

I opened a ticket with Cloudflare Support regarding Question (3) in my original post.
They confirmed that the “Log” action has historically only been available to Enterprise Plans (however, things might be changing in the next few weeks), so I interpret that to mean the “Log” action issue I was experiencing has nothing to do with the “bypass” rule functionality.

I’m still wondering about (1) and (2).

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.