Preview rules
Overview
Cloudflare Firewall Rules provides a powerful and flexible platform for filtering HTTP requests and protecting your site amid an evolving threat landscape. However, the same power and flexibility that allows you to tailor Firewall Rules to your specific application and environment can also introduce complexity. In these cases, it is critical that you have a way to test a firewall rule before deploying it so that you can ensure the rule will behave the way you expect.
To help customers understand the potential impact of a rule, Cloudflare has built Rule Preview. With the click of a button, Rule Preview allows you to test a firewall rule against a sample drawn from the last 72 hours of traffic. Rule Preview is built into the Firewall Rules Expression Editor so that you can test a rule as you edit it.
Use Rule Preview
To test a firewall rule with Rule Preview:
- Locate the desired rule in the Rules List and click the associated Edit button (wrench icon). The Edit Firewall Rule panel will open.
- Click Test rule to trigger the test.
The results of the test are displayed in a plot that simulates how many of the total requests in the last 72 hours would have matched the tested expression.
In this screenshot, a rule that matches all User-Agents that contain the string Mozilla would block about 8% of requests to the zone.
Important Notes
Consider the results of Firewall Preview an indication of traffic levels, not an exact calculation. The sample rate can be as little as 1% of your total traffic.
Rule Preview does not take into account other Cloudflare firewall rules that you have already configured. In effect, Rule Preview tests a single firewall rule in isolation. Firewall Events or any other rules with a higher priority that may have blocked or challenged a request are ignored.
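The following added example (not Cloudflare code) shows why a sampled preview is an indication rather than an exact count: it evaluates the User-Agent rule from the screenshot in isolation over constructed traffic at several sample rates and reports a 95% Wilson score interval. The function names, the traffic, and the use of a Wilson interval are assumptions for illustration; this page does not describe how Cloudflare draws its sample.

```python
import math
import random

def ua_contains(needle):
    """Predicate for the expression: http.user_agent contains <needle>."""
    return lambda req: needle in req["http.user_agent"]

def preview(requests, predicate, sample_rate, seed=0):
    """Evaluate one rule in isolation on a random sample of requests.

    No other rules are consulted, mirroring how Rule Preview tests a single rule.
    Returns (sample_size, matched_fraction, (low, high)), where low/high is a
    95% Wilson score interval for the true matched fraction.
    """
    rng = random.Random(seed)
    sample = [r for r in requests if rng.random() < sample_rate]
    n = len(sample)
    if n == 0:
        return 0, None, (0.0, 1.0)  # nothing sampled: no information at all
    p = sum(1 for r in sample if predicate(r)) / n
    z = 1.96  # normal quantile for a 95% interval
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return n, p, (max(0.0, centre - half), min(1.0, centre + half))

def constructed_traffic(total=50_000, matching=4_000):
    """Constructed traffic: `matching` of `total` requests (8%) send a Mozilla User-Agent."""
    reqs = [{"http.user_agent": "Mozilla/5.0 (X11; Linux x86_64)"}] * matching
    reqs += [{"http.user_agent": "curl/8.5.0"}] * (total - matching)
    return reqs

if __name__ == "__main__":
    traffic = constructed_traffic()
    rule = ua_contains("Mozilla")
    for rate in (1.0, 0.10, 0.01):
        n, p, (lo, hi) = preview(traffic, rule, rate)
        print(f"sample rate {rate:>4.0%}: n={n:>6}  matched={p:.2%}  95% CI [{lo:.2%}, {hi:.2%}]")
```

At a 1% sample rate the interval is roughly ten times wider than at full coverage, so a previewed "8%" should be read as a range before the rule is deployed.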
Cloudflare does not store the entirety of requests, so only a limited number of fields are available to Rule Preview. The table below lists the fields that Rule Preview supports (green cells), broken down by operator. Fields and operators that are not supported are not included in this table.
Field | Equal | Not equal | Greater than | Less than | Greater than or equal | Less than or equal | In | Contains |
AS Number (ip.geoip.asnum) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
Country (ip.geoip.country) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ |
Hostname (http.host) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
IP Address (ip.src) | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | |
Referer (http.referer) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
Request method (http.request.method) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ |
SSL (ssl) | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
URI (http.request.uri) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
URI path (http.request.uri.path) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
URI query string (http.request.uri.query) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
User agent (http.user_agent) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |