Very that traffic is going through cloudflare WAF

Team, how do I very that traffic from an application is going through Cloudflare WAF

It’s not always easy to verify, but if your server is configured to block all traffic that doesn’t come from the cloudflare.com/ips list, then it’s a safe bet that all traffic to your domain (on a Paid plan) is going through the WAF.

Hello sdayman. I placed an application behind the WAF but how do I know for sure that this application is seating behind the WAF? There must be a way to figure that outright?

Watch the headers in either direction. Cloudflare adds headers to incoming (request) and outgoing (response) traffic.

You can also go into the WAF rules, and enable one you know you can violate as Block, and then manually ‘curl’ the endpoint with a request that violates that WAF rule.

2 Likes