How to simulate WAF in action without actually blocking traffic

I’m applying WAF (pro plan) to an existing domain with production workload on it. I don’t want to turn WAF on right away as it might affect the workload. I understand that the recommended practice is to ‘simulate’ WAF actions for a while and monitor the log to see if there are legitimate requests that would get blocked.

I looked into the Cloudflare dashboard and found that there is a setting called “Log” under Ruleset action. Is this the right place to achieve what I want? I assume that if I set Ruleset action to “Log”, it will log all events that Cloudflare determines are dangerous/risky requests without actually blocking them, which I can review later in the “Events” tab.




Yes, that will only log, but that’s the action only for that managed ruleset.
Every other WAF custom rule, rate limiting rule, and Super Bot Fight Mode will still be taken into account if enabled.
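An added example, not part of the original thread: a small audit that lists which WAF components can still act on traffic while the managed ruleset is overridden to "log". The input is constructed sample data shaped like Cloudflare Rulesets API phase entrypoints and bot settings; the ruleset ID is a placeholder and the function names are hypothetical.

```python
# Added example: find WAF components that still enforce while the managed ruleset
# is set to "log". Sample data is constructed; IDs are placeholders.
ENFORCING = {"block", "challenge", "js_challenge", "managed_challenge"}

SAMPLE_ZONE = {  # constructed, not taken from a real zone
    "http_request_firewall_managed": [
        {"description": "Cloudflare Managed Ruleset", "enabled": True,
         "action": "execute",
         "action_parameters": {"id": "<MANAGED_RULESET_ID>", "overrides": {"action": "log"}}},
    ],
    "http_request_firewall_custom": [
        {"description": "Block old admin path", "enabled": True, "action": "block"},
        {"description": "Observe API clients", "enabled": True, "action": "log"},
        {"description": "Disabled geo rule", "enabled": False, "action": "block"},
    ],
    "http_ratelimit": [
        {"description": "Login rate limit", "enabled": True, "action": "block"},
    ],
}
SAMPLE_BOT_SETTINGS = {"sbfm_definitely_automated": "managed_challenge"}  # constructed


def effective_action(rule):
    """Return the rule's action; an 'execute' rule without an override keeps ruleset defaults."""
    if rule["action"] == "execute":
        overrides = rule.get("action_parameters", {}).get("overrides", {})
        return overrides.get("action", "ruleset default")
    return rule["action"]


def still_enforcing(zone, bot_settings):
    """List (component, description, action) entries that can still act on traffic."""
    findings = []
    for phase, rules in zone.items():
        for rule in rules:
            if not rule.get("enabled", True):
                continue  # disabled rules never match
            action = effective_action(rule)
            if action in ENFORCING or action == "ruleset default":
                findings.append((phase, rule["description"], action))
    for setting, action in bot_settings.items():
        if action in ENFORCING:
            findings.append(("super_bot_fight_mode", setting, action))
    return findings


if __name__ == "__main__":
    for component, name, action in still_enforcing(SAMPLE_ZONE, SAMPLE_BOT_SETTINGS):
        print(f"{component}: {name} -> {action}")
```

With the sample data, the managed ruleset is absent from the output because of its "log" override, while the custom rule, the rate limiting rule and the bot setting are reported as still enforcing.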



