WAF fields
The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.
WAF Action
Value | Action | Description |
---|---|---|
0 | Unknown | Take no other action. |
1 | Allow | Bypass all subsequent WAF rules. |
2 | Block | Block with an HTTP 403 response. |
3 | Challenge Allow | Issue a Managed Challenge. |
4 | Challenge Drop | Unused. |
5 | Log | Take no action other than logging the event. |
Deprecated fields for internal Cloudflare use
The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:
- WAFFlags
- WAFMatchedVar