Testing and Reviewing Cloudflare Firewall and WAF Rules

Content Error or Suggest an Edit

Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!

Draft Warning

You’ve reached a draft 🤷‍♂️ and unfortunately, it’s a work in progress.

Attention – Always Test!

Ensure you test your Cloudflare rules after implementation, as they can block some services such as backups, monitoring and management services. Also, make sure to use a VPN to test country blocks.

Why you should Test and Review Cloudflare Firewall and WAF Rules

If you’re in the process of developing your Cloudflare Firewall or WAF rules, you’ll want to find a way to test them out to make sure they function as they should. It’s essential to test and review to make sure you’re not blocking legitimate traffic.

Testing Using a VPN

When testing Cloudflare firewall and WAF rules, a VPN is an excellent tool to ensure that your IP or geographic rules are working correctly. Finding an international VPN will help as you’ll have access to multiple continents. A VPN such as Windscribe would be a good example.

Reviewing the Security Activity Log

You now have your Cloudflare rules in place, and you’ve tested them out, and they’re working as intended. But now you’re facing issues, and you don’t know why, or you just want to be triple sure. The Security Activity Log is where you’ll want to go!

The Cloudflare Security Activity Log

Cloudflare Security Activity Log

You’ll find that the Cloudflare Security Activity log will show all firewall events that occur based on the firewall rules you have set up and the Managed Firewall rules provided by Cloudflare.

You can filter the log using the “Add Filter” button, look at each rule, and filter or exclude each field.

Testing Cloudflare Rules with cURL


I haven’t completed this section yet!


The goal is to have a video created for this blog post to walk through testing and Reviewing Cloudflare Firewall and WAF Rules.


  • 08-10-2022 – Updated to add cURL Section.

You May Also Like