Firewall Events Log Update

Thread for discussion and feedback about the new events log.


I recently started using Page Rules on URLs like “example.com/wp-login.php” for WordPress with Browser Integrity Check: ON & Security Level: I’m Under Attack. These rules have drastically reduced the brute-force login attempts as seen by my server logs. When I look at the new Cloudflare Firewall Events and see a JS Challenge, what I don’t see is whether they succeeded in completing the challenge. Or are successful completions not shown in this log?

Are custom firewall rules working, and is the event log showing, since the update?

Yes, they are working. I am trying to understand the log better. When the log displays JS Challenge, I understand a challenge was presented to the visitor, but were they able to successfully complete the challenge and continue to the page or were they blocked? The log doesn’t really say either way.

I was just checking this very thing. No, I don’t see a result of the challenge, but I wish I did. Maybe the JS Challenge is a different mechanism from Firewall Events. The only way to see if they passed is if the request made it to your server logs.
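The server-log check described in the post above can be scripted. This is an added example, not part of the original thread and not Cloudflare's code: it takes a list of challenged requests and an origin access log and reports which challenged clients later reached the origin on the same path. The event fields (`ip`, `path`, `ts`), the sample data and the 300-second window are constructed assumptions, and the origin log is assumed to record the real visitor IP (for example, restored from the `CF-Connecting-IP` header).

```python
import re
from datetime import datetime, timedelta

# Constructed challenge events; field names are hypothetical,
# not Cloudflare's export schema.
CHALLENGES = [
    {"ip": "203.0.113.10", "path": "/wp-login.php", "ts": "2019-05-01T10:00:00+00:00"},
    {"ip": "198.51.100.7", "path": "/wp-login.php", "ts": "2019-05-01T10:00:05+00:00"},
]

# Constructed origin access log in combined format; the first field is
# assumed to be the real visitor IP, not a Cloudflare edge address.
ORIGIN_LOG = """\
203.0.113.10 - - [01/May/2019:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2731 "-" "Mozilla/5.0"
192.0.2.44 - - [01/May/2019:10:00:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')


def parse_origin(log_text):
    """Return (ip, path without query string, timestamp) per parsable line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits.append((ip, path.split("?", 1)[0], when))
    return hits


def classify(challenges, log_text, window_s=300):
    """Map each challenged IP to whether it hit the origin after the challenge."""
    hits = parse_origin(log_text)
    result = {}
    for ev in challenges:
        start = datetime.fromisoformat(ev["ts"])
        end = start + timedelta(seconds=window_s)
        reached = any(
            ip == ev["ip"] and path == ev["path"] and start <= when <= end
            for ip, path, when in hits
        )
        result[ev["ip"]] = "reached origin" if reached else "not seen at origin"
    return result


if __name__ == "__main__":
    for ip, verdict in classify(CHALLENGES, ORIGIN_LOG).items():
        print(ip, verdict)
```

"Not seen at origin" means only that no matching request was logged inside the window; it does not by itself distinguish a failed challenge from a visitor who never retried.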

Some feedback on this new feature:
I feel like this firewall event page is a huge step forward for reviewing logs and self service usability!

The couple of things that I find frustrating are:

  1. When we filter by host it needs to be an exact match instead of a regex expression (or at least, as we have ‘contains’, ‘not contains’ would be nice).

i.e. if I have subdomain.domain.com and want to exclude all the events from the log, I cannot, as the host column includes the port for some reason…
subdomain.domain.com:2020
subdomain.domain.com:2012
subdomain.domain.com:2021
etc…

  2. The 50%/50% chance of getting ‘There was an error fetching your firewall events’ :frowning:

Thanks for the feedback, @nerdingas.armaitis.

cc @alexcf

Thanks for this! I now see Hotlink Protection is now exposed as a Firewall Event. It would be great to see the Referrer field to tell if some other site is hotlinking or if we are messing up by hotlinking to ourselves on third-party sites.
