Heuristics and Rules: Why We Built a New Old WAF

Cloudflare has updated its Web Application Firewall (WAF) to include a traditional rules-based system alongside its existing heuristics-based approach. The new rules-based WAF is designed to be fully user configurable, accepts the ModSecurity rule configuration language, and adds less than 1ms of latency to requests when processing the full OWASP ruleset or its equivalent. It can update worldwide within less than 30 seconds of a user configuration change and scales to handle Cloudflare's level of traffic. The new WAF is included by default with every Pro and better plan.