{"id":25940515,"url":"https://github.com/kamrullab/cloudflare-security-rules","last_synced_at":"2025-08-02T07:10:10.266Z","repository":{"id":280252801,"uuid":"941421637","full_name":"kamrullab/cloudflare-security-rules","owner":"kamrullab","description":"This repository provides a complete Cloudflare WAF setup guide, including custom rules for bot protection, country blocking, and CAPTCHA verification. Learn how to configure firewall settings step by step to secure your website against threats.","archived":false,"fork":false,"pushed_at":"2025-03-02T09:03:51.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-02T10:19:23.363Z","etag":null,"topics":["bot-protection","captcha","cloudflare","cloudflare-rules","cloudflare-security","cloudflare-waf","cloudflare-waf-rules","custom-rules","custom-rulesets","cybersecurity","ddos-protection","firewall","ip-blocking","security","security-rules","waf","waf-configuration","web-application-firewall","website-protection"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kamrullab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-02T08:50:39.000Z","updated_at":"2025-03-02T09:03:53.000Z","dependencies_parsed_at":"2025-03-02T10:19:26.520Z","dependency_job_id":"2e20856f-db13-4aa2-9060-fad5f8bfb730","html_url":"https://github.com/kamrullab/cloudflare-security-rules","commit_stats":null,"previous_names":["kamrullab/cloudflare-security-rules"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamrullab%2Fcloudflare-security-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamrullab%2Fcloudflare-security-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamrullab%2Fcloudflare-security-rules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamrullab%2Fcloudflare-security-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kamrullab","download_url":"https://codeload.github.com/kamrullab/cloudflare-security-rules/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241787484,"owners_count":20020101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot-protection","captcha","cloudflare","cloudflare-rules","cloudflare-security","cloudflare-waf","cloudflare-waf-rules","custom-rules","custom-rulesets","cybersecurity","ddos-protection","firewall","ip-blocking","security","security-rules","waf","waf-configuration","web-application-firewall","website-protection"],"created_at":"2025-03-04T05:16:59.733Z","updated_at":"2025-03-04T05:17:00.292Z","avatar_url":"https://github.com/kamrullab.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔥 Cloudflare Web Application Firewall (WAF) and Security Setup\n\n## 🌍 Overview\nThis repository provides a complete **step-by-step guide** to setting up and configuring **Cloudflare Web Application Firewall (WAF)**. It helps protect websites against **malicious attacks, bot traffic, and unauthorized access**. This guide includes the process of **creating custom rules**, **understanding firewall settings**, and **applying CAPTCHA verification** to enhance security and performance.\n\n---\n\n# 📌 **How to Create Cloudflare WAF Rules (Step-by-Step Guide)**\n\n## 🚀 **Step 1: Accessing Cloudflare Security Settings**\n1. **🔑 Login to Cloudflare**: Go to [Cloudflare Dashboard](https://dash.cloudflare.com/) and log in.\n2. **🌐 Select Your Website**: Click on the website you want to protect.\n3. **🛡️ Navigate to WAF**: In the left sidebar, go to **Security \u003e WAF (Web Application Firewall)**.\n4. **⚙️ Go to Custom Rules**: Click on the **Custom Rules** tab.\n\n## 🏗️ **Step 2: Creating a New Custom Rule**\n1. Click on **➕ Create Rule**.\n2. Enter a **📝 Rule Name** (e.g., `CAPTCHA SKIP` for bots).\n3. Choose a **📌 Field** (e.g., `User Agent` to detect bots).\n4. Select an **⚙️ Operator** (e.g., `contains` to match specific bots).\n5. Enter a **📥 Value** (e.g., `Googlebot` for Google Search bot).\n6. Choose an **🔒 Action** (e.g., `Skip` for trusted bots, `Block` for countries, or `Managed Challenge` for CAPTCHA).\n7. Set the **🔄 Placement Order** (first, after another rule, etc.).\n8. Click **💾 Save** and ensure the rule is **✅ Enabled**.\n\n---\n# 🎯 **Custom Rules Configuration (Basic to Advanced)**\n\nBelow are **three essential WAF rules**, explained in three formats: **Table Format, Copyable Code Format, and Detailed Explanation**.\n\n---\n\n## **1️⃣ CAPTCHA SKIP Rule (Allowing Search Engine Bots) 🤖**\n\n### ✅ **📋 Table Format**\n| **📌 Field**     | **⚙️ Operator** | **📥 Value**              |\n|--------------|------------|----------------------|\n| User Agent   | contains   | facebookexternalhit  |\n| OR           | contains   | TwitterBot           |\n| OR           | contains   | LinkedInBot          |\n| OR           | contains   | Googlebot            |\n| OR           | contains   | Bingbot              |\n| **🔒 Action**   | **Skip**   |                      |\n| **🔄 Placement**| **First**  |                      |\n\n### ✅ **📜 Copyable Code Format**\n```\nRule Name: CAPTCHA SKIP\nField: User Agent\nOperator: contains\nValue: facebookexternalhit\n\nOR\n\nField: User Agent\nOperator: contains\nValue: TwitterBot\n\nOR\n\nField: User Agent\nOperator: contains\nValue: LinkedInBot\n\nOR\n\nField: User Agent\nOperator: contains\nValue: Googlebot\n\nOR\n\nField: User Agent\nOperator: contains\nValue: Bingbot\n\nAction: Skip\nPlacement: First\n```\n\n### ✅ **📖 Detailed Explanation**\n- **🎯 Purpose**: This rule allows legitimate search engine bots to access your website **without being blocked** by CAPTCHA.\n- **📌 Field**: `User Agent` checks if the visitor is a bot.\n- **⚙️ Operator**: `contains` applies if the bot’s name appears.\n- **📥 Values**: Recognized search bots like `Googlebot`, `Bingbot`, etc.\n- **🔒 Action**: `Skip` allows these bots to bypass security checks.\n- **🔄 Placement**: This rule should be **first** in order.\n\n---\n\n## **2️⃣ COUNTRY BLOCK Rule (Blocking Specific Countries) 🌍**\n\n### ✅ **📋 Table Format**\n| **📌 Field**  | **⚙️ Operator** | **📥 Value**           |\n|-----------|------------|-------------------|\n| Country   | equals     | United Kingdom    |\n| OR        | equals     | United States     |\n| **🔒 Action**| **Block**  |                   |\n| **🔄 Placement**| **After CAPTCHA SKIP** | |\n\n### ✅ **📜 Copyable Code Format**\n```\nRule Name: COUNTRY BLOCK\nField: Country\nOperator: equals\nValue: United Kingdom\n\nOR\n\nField: Country\nOperator: equals\nValue: United States\n\nAction: Block\nPlacement: After CAPTCHA SKIP\n```\n\n### ✅ **📖 Detailed Explanation**\n- **🎯 Purpose**: Blocks traffic from selected countries to **prevent fraud or unwanted access**.\n- **📌 Field**: `Country` checks the visitor’s location.\n- **⚙️ Operator**: `equals` applies only to the listed countries.\n- **📥 Values**: `United Kingdom`, `United States` (can add more if needed).\n- **🔒 Action**: `Block` denies access to these users.\n- **🔄 Placement**: Should be **after the CAPTCHA SKIP rule**.\n\n---\n\n## **3️⃣ CAPTCHA ON Rule (Adding Verification for Suspicious Traffic) 🔐**\n\n### ✅ **📋 Table Format**\n| **📌 Field**  | **⚙️ Operator** | **📥 Value**           |\n|-----------|------------|-------------------|\n| Hostname  | wildcard   | mail.kamrul.us    |\n| OR        | wildcard   | kamrul.us/SOFT    |\n| OR        | wildcard   | kamrul.us        |\n| **🔒 Action**| **Managed Challenge** |      |\n| **🔄 Placement**| **After COUNTRY BLOCK** | |\n\n### ✅ **📜 Copyable Code Format**\n```\nRule Name: CAPTCHA ON\nField: Hostname\nOperator: wildcard\nValue: mail.kamrul.us\n\nOR\n\nField: Hostname\nOperator: wildcard\nValue: kamrul.us/SOFT\n\nOR\n\nField: Hostname\nOperator: wildcard\nValue: kamrul.us\n\nAction: Managed Challenge\nPlacement: After COUNTRY BLOCK\n```\n\n### ✅ **📖 Detailed Explanation**\n- **🎯 Purpose**: Protects sensitive pages by forcing visitors to pass a CAPTCHA challenge.\n- **📌 Field**: `Hostname` applies the rule to specific site sections.\n- **⚙️ Operator**: `wildcard` matches similar URLs.\n- **🔒 Action**: `Managed Challenge` presents CAPTCHA verification.\n- **🔄 Placement**: Runs **after COUNTRY BLOCK rule**.\n\n---\n\n## 🔍 **Final Verification \u0026 Troubleshooting**\n### ✅ **How to Check if Rules Are Working?**\n1. **🛠️ Test the site from different locations** (use VPN for testing country blocks).\n2. **🔍 Use browser developer tools** (F12 \u003e Network \u003e Inspect HTTP headers).\n3. **📊 Check Cloudflare Security Logs** (Security \u003e WAF \u003e Logs).\n\n---\n![image](https://github.com/user-attachments/assets/44600aa6-badf-49a9-af86-d730fc83a50d)\n\n\n![image](https://github.com/user-attachments/assets/6d3bc950-abf2-466a-8e8f-e2f460cda5f3)\n\n![image](https://github.com/user-attachments/assets/6b6d6519-5f05-4172-9bf9-06050116e852)\n\n\n![image](https://github.com/user-attachments/assets/426cbd82-9364-4696-a0ec-29e8031707cd)\n\n\n![image](https://github.com/user-attachments/assets/77beacf1-d5c2-415a-8dbd-466174fa310b)\n\n\n\n\n## 🏆 **License \u0026 Contact**\nThis guide is open-source under the MIT License.\nFor further support, contact **kamrul.us Admin** or visit [Cloudflare Support](https://support.cloudflare.com/).\n\n\n![image](https://github.com/user-attachments/assets/1b77b3be-d949-49d5-b183-7192def40bdc)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamrullab%2Fcloudflare-security-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkamrullab%2Fcloudflare-security-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamrullab%2Fcloudflare-security-rules/lists"}