Cloudflare WAF
Learning Focus
By the end of this lesson you will understand how Cloudflare's WAF complements OpenLiteSpeed's ModSecurity.
What Cloudflare WAF Provides
Cloudflare's WAF inspects traffic at the edge before it reaches your server. It provides:
- Managed rule sets for common attacks (SQL injection, XSS)
- OWASP Core Rule Set deployment
- Custom firewall rules based on IP, country, ASN, or request attributes
Cloudflare WAF vs OLS ModSecurity
| Feature | Cloudflare WAF | OLS ModSecurity |
|---|---|---|
| Location | Edge (before server) | Origin server |
| Attack blocked | Before reaching your server | At the server level |
| Configuration | Dashboard GUI | Config files |
| Custom rules | Expression-based | SecRule syntax |
| Focus | Edge threats, bots, geo-blocking | Application-specific rules |
Use both layers for defense in depth: Cloudflare blocks broad attacks at the edge, ModSecurity handles application-specific rules at the origin.
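The split described above, as an added example that is not part of the original lesson: a Cloudflare custom rule expression (shown as comments, because it is entered in the dashboard) next to an origin ModSecurity rule. The country code, ASN, paths and rule id are constructed placeholders, and the `/upload` endpoint is hypothetical.

```apache
# --- Edge layer: Cloudflare custom rule (dashboard expression editor) ---
# Broad, attribute-based filtering on country, ASN and request path.
# Constructed values: country "ZZ", ASN 64496 (documentation range).
#
#   Expression: (http.request.uri.path eq "/wp-login.php" and ip.src.country eq "ZZ")
#               or (ip.src.asnum eq 64496)
#   Action:     Block
#
# --- Origin layer: ModSecurity rule (SecRule syntax) ---
# Application-specific check: on a hypothetical /upload endpoint, reject
# any uploaded file whose name ends in a PHP-executable extension.
# The rule id is a constructed placeholder; pick one unused in your rule set.
SecRule REQUEST_URI "@beginsWith /upload" \
    "id:10001,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    msg:'Executable extension in uploaded file name',\
    chain"
    SecRule FILES "@rx (?i)\.(?:php\d?|phtml|phar)$"
```

The edge rule needs no knowledge of the application, while the origin rule depends on how this particular site handles uploads, which is the division of labor the table describes.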
Key Takeaways
- Cloudflare WAF blocks attacks before they reach your server.
- Combine Cloudflare WAF with ModSecurity for defense in depth.
- Use managed rules for broad protection and custom rules for specific threats.
What's Next
- Continue to Rate Limiting for request throttling at the edge.