WAF Security and Rules
Hello There
I am noob to using Cloudflares security options So this may be a stupid question.
I have been using Cloudflare for sometime to manage my domains but am now venturing into the security products offered.
How do I go about setting up custom WAF rules to prevent cross-site scripting and SQL injection on my Domain and project that use Cloudflare Pages?
Any assistance would be greatly appreciated.
3 Replies
Hey,
Pro or higher comes with Managed Rulesets including OWASP Core and Cloudflare's Custom, which include a bunch of rules targeting xss/sql injection/etc
Free websites have a free ruleset which contain a few high risk vulnerabilities but nothing that could false positive, and that's on always by default/no config
Ah I see. Thank you for the reply.
So for context I'm going more into the web dev side of things.
Plan for now is to start with smaller sites then build.
About what size / security risk does it warrant convincing clients to consider paying for the Pro.
Obviosuly one should pay for secruity but country I live in is economically in the dumps so people always looking to safe money