Web Application Firewall (WAF) services provided by Cloudflare® block requests containing malicious content before it reaches the origin server. Cloudflare managed WAF rulesets includes predefine WAF rules to protect popular content management systems like WordPress, Joomla, and Magento.
To enable additional managed WAF rulesets or add custom WAF rules, log into the Cloudflare dashboard then open the Firewall dashboard app. The Firewall dashboard app will allow the administration of WAF rules as well as IP based firewall rules.
WAF is not enabled by default. WAF may be enabled using the 101 Domain client portal after the SWA Plus or SWA Pro subscription is activated. WAF may also be enabled from the Cloudflare dashboard using the Firewall dashboard app button.