Control incoming requests
Use Cloudflare WAF Managed Rules to apply custom criteria for all incoming HTTP requests.
- Positive Security policy: Allow specific requests and deny everything else.
- Negative Security policy: Block specific requests and allow everything else.
- Log: Test rule effectiveness before committing to a more severe action.
- Allow: Allow matching requests to access the site.
- Block: Block matching requests from accessing the site.
- CAPTCHA Challenge: Rules will be shown a CAPTCHA before proceeding.
- Javascript Challenge: Rules will be shown a five second Javascript confirmation before proceeding.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark