[Solved] WAF features according to the paid plan


#1

Hello,

Regarding WAF, I’d like to understand what differences between paid plan are.


In this URL above, could you please explain me where to set OWASP rule sensitivity with my Pro plan?


I read in this URL above about Cloudflare Rulesets Package, OWASP Rulesets Package and Custom WAF Rules. What I understood, I don’t have Custom WAF Rules with the Pro plan but what about Cloudflare Rulesets Package and OWASP Rulesets Package?

With the Pro plan:
Could you please tell me if I’m supposed to have access to Cloudflare Rulesets Package and OWASP Rulesets Package?
If yes, could you please tell me how to access?

Is it possible to have different settings for different subdomains? Like xxx.mydomain.com = configuration A and yyy.mydomain.com = configuration B

If yes, do I need to different paid plan?

Last question, is it possible to subscribe to the Business plan just for one month to see if I can do what I want and if it’s not the case, come back to the Pro plan?

Thank you very much


#2

You can find this by going to the domain -> firewall -> managed rules (or click here). You’ll find it around the middle of the page.

You will also find “Cloudflare managed ruleset” above OWASP on the same page.

You can’t have different settings for different pages, but you can create a page rule with “bypass security” if you don’t want WAF triggering at all.

I’m not sure if this is possible. On my business domain, I can’t downgrade to Pro, but I was upgraded by someone at CF so it may be different.
cc @cloonan.


#3

Hi @jrivoire, we bill in 1 month increments, so it seems you could do this for a month, if not automatically as @Judge commented, I suspect if you login and contact support they could assist in a downgrade/upgrade prcess if need be. If you do contact support, please post the ticket.


#4

Thank you very much Judge.
I thought that was in this tab but I don’t have anything else than that:

Could it be because I didn’t change my nameservers yet?


#5

The domain needs to be active to be able to see Cloudflare Managed Ruleset