Managed rulesets
The Cloudflare WAF includes pre-configured managed rulesets that you can deploy. These managed rulesets provide immediate protection against:
- Zero-day vulnerabilities
- Top-10 attack techniques
- Use of stolen/leaked credentials
- Extraction of sensitive data
The WAF’s managed rulesets are regularly updated. Each rule has a default action that varies according to the severity of the rule. You can adjust the behavior of specific rules, choosing from several possible actions.
Rules of managed rulesets have associated tags (such as wordpress) that allow you to search for a specific group of rules and configure them in bulk.
At the account level, you can deploy each WAF managed ruleset more than once. This means that you can apply the same managed ruleset with different configurations to different subsets of incoming traffic for the Enterprise zones in your account.
For example, you could deploy the Cloudflare OWASP Core Ruleset multiple times with different paranoia levels and a different action (Log action for PL4 and Block action for PL2).
To customize the behavior of managed rulesets, do one of the following:
- Create exceptions to skip the execution of WAF managed rulesets or some of their rules under certain conditions.
- Configure overrides to change the rule action or disable one or more rules of managed rulesets. Overrides can affect an entire managed ruleset, specific tags, or specific rules in the managed ruleset.
Exceptions have priority over overrides.