Table of Contents
Content Error or Suggest an Edit
You’ve reached a draft 🤷♂️ and unfortunately, it’s a work in progress.
Attention – Always Test!
Ensure you test your Cloudflare rules after implementation, as they can block some services such as backups, monitoring and management services. Also, make sure to use a VPN to test country blocks.
- Rant, Cloudflare Bot Fight Mode doesn’t provide firewall bypass or whitelist?
- Using Cloudflare Without Changing your Name Servers
- Cloudflare 520 Errors Explained and Investigated
- Secure, Protect and Lock Down your WordPress site with Cloudflare Custom WAF Rules (was Firewall Rules)
- Protecting the WordPress Admin Login with Cloudflare
- Testing and Reviewing Cloudflare Firewall and WAF Rules
- Common WordPress Cloudflare WAF (Web Application Firewall) Rules
If you’re in the process of developing your Cloudflare Firewall or WAF rules, you’ll want to find a way to test them out to make sure they function as they should. It’s essential to test and review to make sure you’re not blocking legitimate traffic.
When testing Cloudflare firewall and WAF rules, a VPN is an excellent tool to ensure that your IP or geographic rules are working correctly. Finding an international VPN will help as you’ll have access to multiple continents. A VPN such as Windscribe would be a good example.
You now have your Cloudflare rules in place, and you’ve tested them out, and they’re working as intended. But now you’re facing issues, and you don’t know why, or you just want to be triple sure. The Security Activity Log is where you’ll want to go!
You’ll find that the Cloudflare Security Activity log will show all firewall events that occur based on the firewall rules you have set up and the Managed Firewall rules provided by Cloudflare.
You can filter the log using the “Add Filter” button, look at each rule, and filter or exclude each field.
I haven’t completed this section yet!
The goal is to have a video created for this blog post to walk through testing and Reviewing Cloudflare Firewall and WAF Rules.
- 08-10-2022 – Updated to add cURL Section.