We are using the “free” version to evaluate the product prior to purchasing a subscription.
Is it correct that the WAF tool follows the discretionary / opt-out security model of “allow access if you do not fail a WAF rule”?
If this is true, which it appears to be in practice, is there an option to flip it to a opt-out security model of “deny access unless a WAF rule explicitly allows access”?
( see url [https://developers.cloudflare.com/firewall/cf-firewall-rules/order-priority](https://developers.cloudflare.com/firewall/cf-firewall-rules/order-priority) )
Sorry if this has been previously asked. The documentation is light, and does not appear to fully address the topic.