Cloudflare Docs
Learning Paths
Visit Learning Paths on GitHub
Set theme to dark (⇧+D)

Create allow rules

  1 min read

Based on your application’s traffic, you should create firewall rules that explicitly allow expected automated or likely automated traffic.

Cloudflare recommends being as specific as possible when analyzing traffic and creating rules, usually including a combination of user-agent values, IP addresses or ASNs, and JA3 fingerprints.

ExpressionAction
(http.user_agent contains "App_Name 2.0") and (cf.bot_management.ja3_hash eq df669e7ea913f1ac0c0cce9a201a2ec1) and (ip.src in $mobile_app_ips)Allow

If you only use a specific characteristic for your allow rules (such as the user-agent), it could be discovered by malicious bots and expose your application to automated abuse.




Unit 3 of 7

Previous
Next