Configure payload logging in the dashboard

Configure payload logging for a ruleset in the ruleset configuration page.

Note

Only users with the Super Administrator role can configure payload logging and decrypt payloads in the Cloudflare dashboard. Other users can decrypt payloads if they have access to the logs and to the private key.

Do the following:

1. Open Security > WAF > Managed rules.

   

2. To configure payload logging for a ruleset you had already deployed in the WAF, select the managed ruleset name.

3. At the bottom of the page, select Configure payload logging.

4. After reading and understanding the implications of enabling payload logging, select one of the available options:

   • Generate key pair using your web browser: Generates a key pair (a private and a public key) in your browser and configures payload logging with the generated public key.

   • Use my own public key: Enter a public key generated by the matched-data-cli command-line tool.

5. Select Next.

6. If you generated a key pair in the browser, copy the displayed private key and store it safely. You will use this private key later to view the decrypted payload content.

7. Select Done.

8. If you are deploying the managed ruleset where you configured payload logging, select Deploy. If you configured payload logging for a ruleset you had already deployed, select Save.