Preview WAF rules before enforcing them

Hello community

I’m trying to figure out if it is possible with the Cloudflare Business plan to preview (just log) custom or managed WAF rules before actually enforcing them on incoming traffic but I can’t find an answer to my question anywhere in the docs.

The only resource I was able to find is https://developers.cloudflare.com/firewall/cf-dashboard/rule-preview/ of the now deprecated product “Firewall”, which states that rules can be previewed based on the logs up to 72 hours ago. Is this still possible with the new WAF?

Thanks for any hints!

Rule Preview is not possible with new Custom Rules, and it was only ever released to Enterprise with the old Firewall Rules.
With the new Custom Rules, the Log action as well is only available to Enterprise.

You could deploy your rule as a managed challenge instead of block for example, to not block people outright, and use the challenge solve rate to help guide your decisions. You could also kind of hackily have a “Log” function by using Skip with some product you don’t use (like old rate limiting or super bot fight mode), with Log matched requests enabled.

As for Managed Rules, used for controlling the managed rulesets, as far as I know there is no preview ever available to any plan, and no way to just log matched requests.

If you have Business, you have Web Traffic Analytics, as well as Security → Analytics, and you could use its Add Filter options, which expose a similar set of fields, to see how many requests might match.

Thank you very much for your detailed response @Chaika - this helps a lot!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.