WAF Configuration (Web Application Firewall)

1. Log in to your Cloudflare account. Click on Turtlehut.
2. Select your domain from the account dashboard.
3. Click the Security tab in the top navigation menu, then select WAF.
4. On the WAF overview page, you can adjust the global WAF sensitivity level (e.g., Low, Medium, High).
5. To configure custom rules:
   • Navigate to the Managed Rules tab. Here you can enable or disable pre-configured Cloudflare rule sets.
   • Go to the Custom Rules tab to create your own rules based on various criteria (e.g., IP address, country, HTTP headers).
   • Click Create rule.
   • Define the rule name, the criteria (using the rule builder or a Cloudflare Ruleset Language expression), and the action to take (e.g., Block, Challenge, Log).
   • Click Deploy.
6. Explore other WAF settings like Rate Limiting (under Security > Rate Limiting) to protect against brute-force attacks and abuse.

Last Updated: 9/18/25