Cloudflare Docs
WAF
Edit this page on GitHub
Set theme to dark (⇧+D)

Deploy a managed ruleset in the dashboard for an account

You can enable and configure managed rulesets for an account in Account Home > WAF > Managed rulesets.

To deploy a managed ruleset for a single zone, refer to Deploy a managed ruleset in the dashboard for a zone.

Example WAF Managed Rules configuration in the Managed rulesets tab under Application Security > WAF.

​​ Deploy a managed ruleset

  1. Log in to the Cloudflare dashboard and select your account.

  2. Go to Account Home > WAF > Managed rulesets.

  3. Next to Deployed managed rulesets, select Deploy > Deploy managed ruleset.

  4. Select the managed ruleset you wish to deploy.

  5. In the Deploy managed ruleset page, give a name to the rule deploying the ruleset in Execution name.

  6. Under Execution scope, review the scope of the deployed managed ruleset. If necessary, select Edit scope and configure the expression that will determine the scope of the current rule.

  7. (Optional) Specify overrides for all the rules in the managed ruleset. You can also create overrides for specific rules or tags.

  8. To deploy your rule immediately, select Deploy. If you are not ready to deploy your rule, select Save as draft.

The Deployed managed rulesets list will show an Execute rule for each deployed managed ruleset.

​​ Enable or disable a managed ruleset

Select the Enabled toggle next to a deployed managed ruleset to enable or disable it.

​​ Configure a managed ruleset

Configure a managed ruleset to:

  • Define specific field values for one or more rules (for example, configure a rule with an action different from the action configured by Cloudflare).
  • Disable one or more rules.

To skip one or more rules, or entire WAF managed rulesets, add an exception. Exceptions, also called skip rules, are shown as Skip rules in the Deployed managed rulesets list.

​​ Configure field values for all the rules

To configure rule field values for all the rules in a managed ruleset:

  1. Log in to the Cloudflare dashboard and select your account.

  2. Go to Account Home > WAF > Managed rulesets.

  3. Under Deployed managed rulesets, next to the Execute rule that deploys the managed ruleset you want to configure, select Edit.

  4. In the ruleset configuration section, set one or more rule fields from the available values in the drop-down lists.

    For example, select the action to perform for all the rules in the ruleset from the Ruleset action drop-down list.

    The Deploy Managed Ruleset page displaying the available options to override all the rules in the ruleset. In the displayed managed ruleset you can override the ruleset action.
  5. Select Save.

​​ View the rules of a managed ruleset

You can browse the available rules in a managed ruleset and search for individual rules or tags.

Use the available filters in the Browse Managed Ruleset interface.

To view the rules of a managed ruleset:

  1. Log in to the Cloudflare dashboard and select your account.

  2. Go to Account Home > WAF > Managed rulesets.

  3. Under Deployed managed rulesets, next to the Execute rule that deploys the managed ruleset you want to browse, select Edit.

  4. Select Browse rules.

    The Browse rules page displaying the list of rules in the Cloudflare Managed Ruleset

​​ Configure a single rule in a managed ruleset

To configure a rule in the Browse Managed Ruleset interface:

  1. Search for a rule using the available filters. You can search for tags.

  2. Find the rule you want to configure in the results list.

  3. In the result line for the rule you want to change, select the desired value for a field in the displayed drop-down lists. For example, select the rule action in the Action dropdown.

    In some managed rulesets, you can also change the status of a rule using the toggle next to the rule.

    The Browse rules page displaying the list of rules in the Cloudflare Managed Ruleset. In this interface you can override the behavior of specific rules.
  4. Select Next, and then select Save.

​​ Configure rules in bulk in a managed ruleset

To configure several rules at once in the Browse Managed Ruleset interface:

  1. Enter search terms in the available input to find the rules you want to configure. You can search for tags.

    Example of filtering rules by the wordpress tag in the Browse rules page
  2. In the results list, select the checkboxes for all the rules you want to configure.

    Alternatively, select a tag name under the search input to filter the rules with that tag, and then select the checkboxes for the rules you want to configure.

  3. Update one or more fields for the selected rules using the drop-down lists displayed in the top right corner of the table.

    Selecting all rules in a page displays additional drop-down lists above the table to override the behavior of several rules at once.
  4. Select Next.

  5. If you selected a tag, a dialog appears asking you if any new rules with the selected tag should be configured with the field values you selected.

    • Select Do not apply to new rules to apply your configurations to the selected rules only.
    • Select Apply to new rules if you want to apply your configurations to any new rules with the select tag.
  6. Select Save.

​​ Delete a managed ruleset deployment rule or an exception

  1. Log in to the Cloudflare dashboard and select your account.
  2. Go to Account Home > WAF > Managed rulesets.
  3. Under Deployed managed rulesets and next to the rule you want to delete, select Edit.
  4. Select Delete deployment (or Delete exception) and confirm the operation.