Firewall fields
The Firewall fields contain rules to block requests that contain specific types of content.
FirewallMatchesActions
| Value | Action | Description |
|---|
| unknown | Unknown | Take no other action |
| allow | Allow | Bypass all subsequent rules |
| block | Drop | Block with an HTTP 403 response |
| challenge | Challenge Drop | Issue a CAPTCHA challenge |
| jschallenge | Challenge Drop | Issue a JS challenge |
| log | Log | Take no action other than logging the event |
| connectionClose | Close | Close connection |
| challengeSolved | Allow | Allow once CAPTCHA challenge solved |
| challengeFailed | Drop | Block following invalid CAPTCHA solve attempt |
| challengeBypassed | Allow | CAPTCHA challenge not issued because visitor had previously passed a CAPTCHA challenge |
| jschallengeSolved | Allow | Allow once JS challenge solved |
| jschallengeFailed | Drop | Drop if JS challenge failed |
| jschallengeBypassed | Allow | JS challenge not issued because the visitor had previously passed a JS or CAPTCHA challenge |
| bypass | Allow | Bypass all subsequent firewall rules |
| managedChallenge | Challenge Drop | Issue managed challenge |
| managedChallengeSkipped | Allow | Skip managed challenge and allow |
| managedChallengeNonInteractiveSolved | Allow | Allow once the managed challenge is solved via non-interactive interstitial page |
| managedChallengeInteractiveSolved | Allow | Allow once the managed challenged is solved via interactive interstitial page |
| managedChallengeBypassed | Allow | Challenge was not presented because visitor had clearance from previous challenge |
FirewallMatchesSources
| Value | Description |
|---|
| unknown | Used if an event is received from a new source but the logging system has not been updated |
| asn | Allow or block based on autonomous system number |
| country | Allow or block based on country |
| ip | Allow or block based on IP address |
| ipRange | Allow or block based on range of IP addresses |
| securityLevel | Allow or block based on requester’s security level |
| zoneLockdown | Restrict all access to a specific zone |
| waf | Allow or block based on the WAF product settings. This is the WAF/managed rules system that is being phased out. |
| firewallRules | Allow or block based on a zone’s firewall rules configuration |
| uaBlock | Allow or block based on the Cloudflare User Agent Blocking product settings |
| rateLimit | Allow or block based on a rate limiting rule, whether set by you or by Cloudflare |
| bic | Allow or block based on the Browser Integrity Check product settings |
| hot | Allow or block based on the Hotlink Protection product settings |
| l7ddos | Allow or block based on the L7 DDoS product settings |
| validation | Allow or block based on a request that is invalid (cannot be customized) |
| botFight | Allow or block based on the Bot Fight Mode (classic) product settings |
| botManagement | Allow or block based on the Bot Management product settings |
| dlp | Allow or block based on the Data Loss Prevention product settings |
| firewallManaged | Allow or block based on the Firewall Managed Rules product settings |
| firewallCustom | Allow or block based on a rule configured in the Firewall Custom Rulesets |