Testing and Reviewing Cloudflare Firewall and WAF Rules

Last Updated on September 21, 2023 EDT by Jordan

Why you should Test and Review Cloudflare Firewall and WAF Rules

If you’re in the process of developing your Cloudflare Firewall or WAF rules, you’ll want to find a way to test them out to make sure they function as they should. It’s essential to test and review to make sure you’re not blocking legitimate traffic.

Testing Using a VPN

When testing Cloudflare firewall and WAF rules, a VPN is an excellent tool to ensure that your IP or geographic rules are working correctly. Finding an international VPN will help as you’ll have access to multiple continents. A VPN such as Windscribe would be a good example.

Reviewing the Security Activity Log

You now have your Cloudflare rules in place, and you’ve tested them out, and they’re working as intended. But now you’re facing issues, and you don’t know why, or you just want to be triple sure. The Security Activity Log is where you’ll want to go!

Cloudflare Security Activity Log

You’ll find that the Cloudflare Security Activity log will show all firewall events that occur based on the firewall rules you have set up and the Managed Firewall rules provided by Cloudflare.

You can filter the log using the “Add Filter” button, look at each rule, and filter or exclude each field.

Testing Cloudflare Rules with cURL

Conclusion

The goal is to have a video created for this blog post to walk through testing and Reviewing Cloudflare Firewall and WAF Rules.

Changelog

• 08-10-2022 – Updated to add cURL Section.