Cloudflare Docs
Logs
Logs
Edit this page on GitHub
Set theme to dark (⇧+D)

Security fields

The Security fields contain rules to block requests that contain specific types of content.

​​ SecurityActions

ValueActionDescription
unknownUnknownTake no other action.
allowAllowBypass all subsequent rules.
blockDropBlock with an HTTP 403 response.
challengeChallenge DropIssue an interactive challenge.
jschallengeChallenge DropIssue a JS challenge.
logLogTake no action other than logging the event.
connectionCloseCloseClose connection.
challengeSolvedAllowAllow once interactive challenge solved.
challengeFailedDropBlock following invalid interactive challenge solve attempt.
challengeBypassedAllowInteractive challenge is not issued again because the visitor had previously passed an interactive challenge and a valid cf_clearance cookie is present.
jschallengeSolvedAllowAllow once JS challenge solved.
jschallengeFailedDropDrop if JS challenge failed.
jschallengeBypassedAllowJS challenge not issued because the visitor had previously passed a JS or interactive challenge.
bypassAllowBypass all subsequent firewall rules.
managedChallengeChallenge DropIssue managed challenge.
managedChallengeNonInteractiveSolvedAllowAllow once the managed challenge is solved via non-interactive interstitial page.
managedChallengeInteractiveSolvedAllowAllow once the managed challenged is solved via interactive interstitial page.
managedChallengeBypassedAllowChallenge was not presented because visitor had clearance from previous challenge.

​​ SecuritySources

ValueDescription
unknownUsed if an event is received from a new source but the logging system has not been updated.
asnAllow or block based on autonomous system number.
countryAllow or block based on country.
ipAllow or block based on IP address.
ipRangeAllow or block based on range of IP addresses.
securityLevelAllow or block based on requester’s security level.
zoneLockdownRestrict all access to a specific zone.
wafAllow or block based on the WAF product settings. This is the WAF/managed rules system that is being phased out.
firewallRulesAllow or block based on a zone’s firewall rules configuration (deprecated).
uaBlockAllow or block based on the Cloudflare User Agent Blocking product settings.
rateLimitAllow or block based on a rate limiting rule, whether set by you or by Cloudflare.
bicAllow or block based on the Browser Integrity Check product settings.
hotAllow or block based on the Hotlink Protection product settings.
l7ddosAllow or block based on the L7 DDoS product settings.
validationAllow or block based on a request that is invalid (cannot be customized.)
botFightAllow or block based on the Bot Fight Mode (classic) product settings.
botManagementAllow or block based on the Bot Management product settings.
dlpAllow or block based on the Data Loss Prevention product settings.
firewallManagedAllow or block based on WAF Managed Rules’ settings.
firewallCustomAllow or block based on a rule configured in WAF custom rules.