Cloudflare Docs

Cloudflare Docs

Overview
About Logpush
Get started
Enable destinations
Enable Amazon S3
Enable S3-compatible endpoints
Enable Datadog
Enable Google Cloud Storage
Enable BigQuery
Enable Microsoft Azure
Enable Splunk
Enable other providers
Enable Sumo Logic
Tutorials
Parse Cloudflare Logs JSON data
Reference
Logpush API configuration
Logpush examples
Manage Logpush with cURL
Manage Logpush with Python
Log fields
Zone-scoped data sets
DNS logs
Firewall events
HTTP requests
NEL reports
Spectrum events
Account-scoped data sets
Audit logs
Gateway DNS
Gateway HTTP
Glossary
Pathing status
Firewall fields
WAF fields
Logpull
Understanding the basics
Enabling log retention
Requesting logs
Additional details
FAQ

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAF Action

Value	Action	Description
0	Unknown	Take no other action
1	Allow	Bypass all subsequent WAF rules
2	Drop	Block with an HTTP 403 response
3	Challenge Allow	Issue a CAPTCHA challenge
4	Challenge Drop	Unused
5	Simulate	Take no action other than logging the event

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

WAFFlags
WAFMatchedVar