I am using Cloudflare WAF for our system. I realize that the Cloudflare Firewall implements a priority for each rule, but the Rate Limit does not, which I find quite inconvenient.
For example:
Without priority (current):
Rule 1:
expression: http.host eq "example.com" and http.request.uri.path contains "/test"
requests_per_period: 100
period: 10
mitigation_timeout: 10
action: block
Rule 2:
expression: http.host contains "example.com" and not ip.src in {IP_A IP_B} and not http.request.uri.path contains "/test"
requests_per_period: 60
period: 10
mitigation_timeout: 10
action: block
With priority:
Rule 1:
expression: http.host eq "example.com" and http.request.uri.path contains "/test"
requests_per_period: 100
period: 10
mitigation_timeout: 10
action: block
priority: 1
Rule 2:
expression: http.host contains "example.com" and not ip.src in {IP_A IP_B}
requests_per_period: 60
period: 10
mitigation_timeout: 10
action: block
priority: 2
So by priority, we can evaluate the request with each rule; if the request doesn’t match, it will be evaluated with the next rule.
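An added example, not part of the original post and not Cloudflare's code: a simplified Python model of the two evaluation orders described above, using the post's thresholds over a single period. It assumes that without priority every matching rule counts the request, and that a rule blocks once its count exceeds requests_per_period; the IP addresses and the traffic are constructed, and mitigation_timeout is not modelled.

```python
from dataclasses import dataclass
from typing import Callable

ALLOWLIST = {"198.51.100.10", "198.51.100.11"}  # constructed stand-ins for IP_A, IP_B

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]
    requests_per_period: int
    priority: int = 0

def rule1_expr(r):  # http.host eq "example.com" and path contains "/test"
    return r["host"] == "example.com" and "/test" in r["path"]

def rule2_short(r):  # Rule 2 as written in the "with priority" variant
    return "example.com" in r["host"] and r["ip"] not in ALLOWLIST

def rule2_long(r):  # Rule 2 as written in the "without priority" variant
    return rule2_short(r) and "/test" not in r["path"]

def first_block(rules, requests, use_priority):
    """Return (request number, rule name) of the first block in one period, else None."""
    counts = {rule.name: 0 for rule in rules}
    ordered = sorted(rules, key=lambda x: x.priority) if use_priority else rules
    for n, req in enumerate(requests, start=1):
        for rule in ordered:
            if not rule.match(req):
                continue
            counts[rule.name] += 1
            if counts[rule.name] > rule.requests_per_period:
                return n, rule.name
            if use_priority:
                break  # first match wins; later rules never count this request
    return None

def burst(path, n=150):
    # Constructed traffic: n requests from one non-allowlisted client in one 10 s period
    return [{"host": "example.com", "path": path, "ip": "203.0.113.7"}] * n

R1 = Rule("Rule 1", rule1_expr, 100, priority=1)
CURRENT = [R1, Rule("Rule 2", rule2_long, 60)]
NAIVE = [R1, Rule("Rule 2", rule2_short, 60)]
PRIORITISED = [R1, Rule("Rule 2", rule2_short, 60, priority=2)]

if __name__ == "__main__":
    print(first_block(CURRENT, burst("/test"), False))     # exclusion clause needed
    print(first_block(NAIVE, burst("/test"), False))       # overlap: Rule 2 fires early
    print(first_block(PRIORITISED, burst("/test"), True))  # priority removes the overlap
    print(first_block(PRIORITISED, burst("/"), True))      # other paths still hit Rule 2
```

The NAIVE case shows why the current setup needs the extra `not ... contains "/test"` clause: without it, /test traffic is also counted by Rule 2 and blocked at its lower threshold.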