Cloudflare Docs
WAF
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Actions

An IP Access rule can perform one of the following actions:

  • Block: Prevents a visitor from visiting your site.

  • Allow: Excludes visitors from all security checks, including Browser Integrity Check, I’m Under Attack Mode, and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare’s default security features. The Allow action takes precedence over the Block action. Note that allowing a given country code will not bypass WAF managed rules (previous and new versions).

  • Managed Challenge: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to Cloudflare challenges.

  • JavaScript Challenge: Presents the I’m Under Attack Mode interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors.

  • Interactive Challenge: Requires the visitor to complete an interactive challenge before visiting your site. Prevents bots from accessing the site.