Configure in the dashboard
Configure the HTTP DDoS Attack Protection managed ruleset by defining overrides in the Cloudflare dashboard. DDoS overrides allow you to customize the action and sensitivity of one or more rules in the managed ruleset.
For more information on the available parameters and allowed values, refer to Ruleset parameters.
Create multiple rules in the ddos_l7
phase entry point ruleset to define different overrides for different sets of incoming requests. Set each rule expression according to the traffic whose HTTP DDoS protection you wish to customize.
Rules in the phase entry point ruleset, where you create overrides, are evaluated in order until there is a match for a rule expression and sensitivity level, and Cloudflare will apply the first rule that matches the request. Therefore, the rule order in the entry point ruleset is very important.
- Log in to the Cloudflare dashboard ↗, and select your account and website.
- Go to Security > DDoS.
- Next to HTTP DDoS attack protection, select Deploy a DDoS override.
- Enter a descriptive name for the override in Override name.
- If you are an Enterprise customer with the Advanced DDoS Protection subscription:
- Under Override scope, review the scope of the override — by default, all incoming requests for the current zone.
- If necessary, select Edit scope and configure the custom filter expression that will determine the override scope.
- Depending on what you wish to override, refer to the following sections (you can perform both configurations on the same override):
Configure all the rules in the ruleset (ruleset override)
- To always apply a given action for all the rules in the ruleset, select an action in Ruleset action.
- To set the sensitivity level for all the rules in the ruleset, select a value in Ruleset sensitivity.
Configure one or more rules
- Under Rule configuration, select Browse rules.
- Search for the rules you wish to configure using the available filters. You can search by tag (also known as category).
- To configure a single rule, select the desired value for a field in the displayed dropdowns next to the rule. To configure more than one rule, select the rules using the row checkboxes and update the fields for the selected rules using the dropdowns displayed before the table. You can also configure all the rules with a given tag. For more information, refer to Configure rules in bulk in a managed ruleset.
- Select Next.
- Select Save.
- Log in to the Cloudflare dashboard ↗, and select your account and website.
- Go to Security > DDoS.
- Next to the DDoS override you wish to delete, select Delete.
- Select Delete to confirm the operation.