How to log specific HTTP status codes


How can we log specific HTTP status codes such as 400, 401, and 429? I have configured this setting in the Web Application Firewall (WAF), but it is not functioning properly.

Why would requests contain HTTP status codes?

Excuse me, I apologize for the confusion. What I meant to say was how to log the addresses whose response status code is 401.

WAF looks at requests, not at the response. You cannot use it to log based on the response.

1 Like

If it helps to explain:
The header field in WAF is the incoming http request headers from the user
The Status code is not a header
The WAF runs for requests coming in. It doesn’t have access to the response phase/isn’t ran on the response.

What are you trying to do? If the CF Waf blocks something, it’ll log it in firewall events. If you’re trying to see what your origin is blocking, I would setup some logging on your origin itself.


Thank you, @Chaika and @Laudian.

I would like to log any suspicious activity occurring on my website. Specifically, I want to identify the IP addresses of users attempting to access certain pages that are intentionally designed as traps. I prefer not to perform this logging directly on the server. Is there a way to accomplish this using Cloudflare?

If you configure the blocks to happen via Cloudflare, for example with Custom Rules, perhaps on specific paths, you could. Otherwise, you could use a Worker, to fetch the response and check the status code, and then log to some destination, call an HTTP Endpoint, etc, if your goal was just to offload it from your origin. You could also use Pro+'s Web Traffic Analytics to filter by an edge status code and see some of the source IPs, but there’s no activity log like Security Events would have.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.