Commit e31376e

Add example mitigation rules
1 parent fe70a60 commit e31376e

1 file changed

+36
-4
lines changed

src/content/docs/waf/detections/firewall-for-ai.mdx

Lines changed: 36 additions & 4 deletions
@@ -68,7 +68,7 @@ Then, use [Security Analytics](/waf/analytics/security-analytics/) in the new ap
6868

6969
Alternatively, create a custom rule like the one described in the next step using a _Log_ action. This rule will generate [security events](/waf/analytics/security-events/) that will allow you to validate your configuration.
7070

71-
### 3. Mitigate requests containing PII
71+
### 3. Mitigate harmful requests
7272

7373
[Create a custom rule](/waf/custom-rules/create-dashboard/) that blocks requests where Cloudflare detected personally identifiable information (PII) in the incoming request (as part of an LLM prompt), returning a custom JSON body:
7474
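Review bot: The new heading on line 71, "### 3. Mitigate harmful requests", is broader than the step it introduces: the unchanged paragraph on line 73 still describes only a rule that blocks requests where PII was detected in the prompt. Either keep PII in the heading, or reword line 73 to say that PII is one example of a harmful request and that other cases are covered in the examples section. Renaming the heading also changes its generated anchor, so any existing link to the old "Mitigate requests containing PII" section should be checked.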

@@ -85,7 +85,7 @@ Alternatively, create a custom rule like the one described in the next step usin
8585
- **With response type**: Custom JSON
8686
- **Response body**: `{ "error": "Your request was blocked. Please rephrase your request." }`
8787

88-
This rule will match requests where the WAF detects PII within an LLM prompt. For a list of fields provided by Firewall for AI, refer to [Fields](#fields).
88+
For additional examples, refer to [Example mitigation rules](#example-mitigation-rules). For a list of fields provided by Firewall for AI, refer to [Fields](#fields).
8989

9090
<Details header="Combine with other Rules language fields">
9191
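Review bot: The replacement on line 88 drops the only sentence that states what the rule configured in this step matches ("This rule will match requests where the WAF detects PII within an LLM prompt."). Consider keeping that sentence and appending the new pointer to `#example-mitigation-rules` after it, so the reader does not have to infer the rule's effect from the configuration alone. The new link also depends on the heading added at line 132 keeping that exact title.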

@@ -125,6 +125,38 @@ When enabled, Firewall for AI populates the following fields:
125125
| LLM Unsafe topic detected | `Boolean` | [`cf.llm.prompt.unsafe_topic_detected`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_detected/) |
126126
| LLM Unsafe topic categories | `Array<String>` | [`cf.llm.prompt.unsafe_topic_categories`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/) |
127127

128-
For a list of PII categories, refer to the [`cf.llm.prompt.pii_categories` field reference](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/).
128+
For a list of PII categories, refer to the [`cf.llm.prompt.pii_categories`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/) field reference.
129129

130-
For a list of unsafe topic categories, refer to the [`cf.llm.prompt.unsafe_topic_categories` field reference](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/).
130+
For a list of unsafe topic categories, refer to the [`cf.llm.prompt.unsafe_topic_categories`](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/) field reference.
131+
132+
## Example mitigation rules
133+
134+
### Block requests with specific PII category in prompt
135+
136+
The following example [custom rule](/waf/custom-rules/create-dashboard/) will block requests with an LLM prompt that tries to obtain PII of a specific [category](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.pii_categories/):
137+
138+
- **If incoming requests match**:
139+
140+
| Field | Operator | Value |
141+
| ------------------ | -------- | ------------- |
142+
| LLM PII Categories | is in | `Credit Card` |
143+
144+
If you use the Expression Editor, enter the following expression:<br />
145+
`(any(cf.llm.prompt.pii_categories[*] in {"CREDIT_CARD"}))`
146+
147+
- **Action**: _Block_
148+
149+
### Block requests with specific unsafe content categories in prompt
150+
151+
The following example [custom rule](/waf/custom-rules/create-dashboard/) will block requests with an LLM prompt containing unsafe content of specific [categories](/ruleset-engine/rules-language/fields/reference/cf.llm.prompt.unsafe_topic_categories/):
152+
153+
- **If incoming requests match**:
154+
155+
| Field | Operator | Value |
156+
| --------------------------- | -------- | -------------------------------- |
157+
| LLM Unsafe topic categories | is in | `S1: Violent Crimes` `S10: Hate` |
158+
159+
If you use the Expression Editor, enter the following expression:<br />
160+
`(any(cf.llm.prompt.unsafe_topic_categories[*] in {"S1" "S10"}))`
161+
162+
- **Action**: _Block_
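Review bot: Line 136 of the new file says the rule blocks a prompt "that tries to obtain PII", but step 3 on line 73 describes PII that Cloudflare detected in the incoming prompt; these are different conditions, and the example should use the step 3 wording, for instance "with an LLM prompt containing PII of a specific category". Lines 149 and 151 say "unsafe content" where the field table on lines 125 and 126 and the rule builder row on line 157 say "Unsafe topic"; use one term throughout. It would also help to state once that the dashboard value `Credit Card` corresponds to `"CREDIT_CARD"` in the expression (and `S1: Violent Crimes` to `"S1"`), since the table and the expression otherwise look inconsistent.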
