Web marketing

Cloudflare Announces Free Web Application Firewall

Cloudflare has announced that it is offering a free Web Application Firewall (WAF) to free plan subscribers. The WAF will provide access to the WAF UI which comes with a set of rules that can be used to automatically block known threats.

The free managed ruleset has been tested on the Cloudflare network and allows free users to enable their firewall and start enjoying the benefits of a firewall right away.

Since the ruleset is a managed ruleset, free users will benefit from updates that protect their sites against new, high-profile security threats.

The free tier of the firewall is specially designed to protect WordPress websites as it protects against common WordPress exploits.

Cloud Flare WAF

The Cloudflare WAF is an application firewall that monitors incoming web traffic from the internet to the website and automatically blocks any traffic it identifies as malicious.

The firewall uses a ruleset which is a set of patterns and signals that it looks for in order to identify malicious traffic and filter it.

Cloudflare Free Managed Ruleset

The Free Cloudflare WAF comes with a managed set of rules designed to block a multitude of common vulnerability attacks.

A managed ruleset consists of preconfigured rules that allow a user to deploy the firewall and prepare it to inspect and block malicious web traffic.

The advantage of a managed rule set is that the firewall is ready to deploy and with minimal user configuration.

Cloudflare describes this free managed ruleset:

“Designed to provide mitigation against high and broad impact vulnerabilities. Rules are safe to deploy to most applications. If you have deployed the Cloudflare Managed Ruleset for your site, you do not need to deploy this set of managed rules.

The free managed ruleset will be updated whenever a large-scale threat appears that can affect many websites. This is a huge deal that can go a long way in mitigating the effects of new hacking attacks.

The free version of the ruleset protects against the Shellshock server security bug, blocks Log4J vulnerabilities, and protects WordPress websites against common WordPress vulnerabilities.

Accessing the Cloudflare Firewall UI

Cloudflare provides the free tier of user access to the Firewall User Interface (UI), a dashboard where publishers can manage their firewall.

The dashboard allows users to modify their firewall and also monitor the actions taken by the firewall through the Security Overview tab.

Free users can perform the following actions in the dashboard:

“Replace all rules with LOG or other action.

Override specific rules only with LOG or other action.

Completely disable the rule set or any specific rule”


Read the official announcement from Cloudflare

WAF for All: Protecting the Web from High Severity Vulnerabilities

Learn more about Cloudflare WAF Managed Rule Sets

Managed Rule Sets

Learn about the redesigned Cloudflare WAF UI

A new WAF experience