Web Application Firewall

Hi guys,
How can I understand if a WAF is enabled on my site?
is Cloudflare WAF Free? If yes, how can I set it up?

WAF is only available on Pro plans ($20/month).

but how can I understand if any WAF is enabled on my site?
is there any check tools? or ways?

You can try going to example.com/.git/HEAD (replace example.com with your website). This will trigger rule:

ID Description Group
100016 Block requests to version control systems Cloudflare Specials

(Make sure to go to the URL from an IP address that’s not whitelisted)

is there any way to check owasp waf rules is enabled or not?

In the past few months of my website I can’t find any triggered firewall rules that come from the OWASP ruleset, so not sure how to trigger/test to see if OWASP is set up.

This topic was automatically closed after 30 days. New replies are no longer allowed.