I would like to know the priority set for the different firewall mechanisms to understand the order in which they are processed.
- Customer Requested Rules
- Cloudflare Managed Ruleset
- Package: OWASP ModSecurity Core Rule Set
- Firewall Rules
- IP Access Rules
- User Agent Blocking
- Zone Lockdown
I searched the Website, Learning Center, Support Center, Blog and Community, but I didn’t find this information.
Could you please clarify? Thanks in advance!
Not 100% on this, maybe someone else (@alexcf, @cloonan, @cs-cf) can verify, but this is what I believe:
IP Access Rules
User Agent Blocking
Not entirely sure where the various Managed Rules come in order!
Thank you very much for the quick response!
I’ll just wait a bit before marking this answer as a solution in case any of the mentioned users rectify the information.
No worries, of course! I hope they will (and if not, will nag!)
Personally, I think this should be published somewhere and kept up to date… either here or on support… @cloonan, any plans / chance of this?
This is pretty much spot on - Managed Rules happen in the WAF. The Cloudflare Managed Rulesets run before OWASP, then after that comes Cloudflare Workers.
Thank you @domjh and @alexcf for all the clarifications!