Table of Contents
Content Error or Suggest an Edit
Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!
Draft Warning
You’ve reached a draft 🤷♂️ and unfortunately, it’s a work in progress.
Attention – Always Test!
Ensure you test your Cloudflare rules after implementation, as they can block some services such as backups, monitoring and management services. Also, make sure to use a VPN to test country blocks.
Other Cloudflare Guides
- Rant, Cloudflare Bot Fight Mode doesn’t provide firewall bypass or whitelist?
- Using Cloudflare Without Changing your Name Servers
- Cloudflare 520 Errors Explained and Investigated
- Secure, Protect and Lock Down your WordPress site with Cloudflare Custom WAF Rules (was Firewall Rules)
- Protecting the WordPress Admin Login with Cloudflare
- Testing and Reviewing Cloudflare Firewall and WAF Rules
- Common WordPress Cloudflare WAF (Web Application Firewall) Rules
Why you should Test and Review Cloudflare Firewall and WAF Rules
If you’re in the process of developing your Cloudflare Firewall or WAF rules, you’ll want to find a way to test them out to make sure they function as they should. It’s essential to test and review to make sure you’re not blocking legitimate traffic.
Testing Using a VPN
When testing Cloudflare firewall and WAF rules, a VPN is an excellent tool to ensure that your IP or geographic rules are working correctly. Finding an international VPN will help as you’ll have access to multiple continents. A VPN such as Windscribe would be a good example.
Reviewing the Security Activity Log
You now have your Cloudflare rules in place, and you’ve tested them out, and they’re working as intended. But now you’re facing issues, and you don’t know why, or you just want to be triple sure. The Security Activity Log is where you’ll want to go!
Cloudflare Security Activity Log
You’ll find that the Cloudflare Security Activity log will show all firewall events that occur based on the firewall rules you have set up and the Managed Firewall rules provided by Cloudflare.
You can filter the log using the “Add Filter” button, look at each rule, and filter or exclude each field.
Testing Cloudflare Rules with cURL
Sorry!
I haven’t completed this section yet!
Conclusion
The goal is to have a video created for this blog post to walk through testing and Reviewing Cloudflare Firewall and WAF Rules.
Changelog
- 08-10-2022 – Updated to add cURL Section.
Author
Jordan Trask
With 20 years experience in technology spanning from Linux, Data Center Infrastructure and related services and applications. Jordan consults with small, medium and large organizations tackling problems and technology needs. With 10 years experience in WordPress, he’s created Managing WP as a means to dump his brain on the web.
Jordan operates LMT Solutions providing Technology Consulting Services and We Power WP for WordPress Care Plans and Support.
