Skip to content

[DDoS Protection] Log only and EOff ruleset override use case #26107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 27, 2025
Merged

[DDoS Protection] Log only and EOff ruleset override use case #26107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7ab7a15
log and eoff
patriciasantaana Oct 27, 2025
0911398
styling
patriciasantaana Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...cs/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ If you cannot deploy any additional overrides, consider editing an existing over
</TabItem>
<TabItem label="New dashboard" icon="rocket">
<Steps>
1. In the [Cloudflare dashboard, go to the **Security rules** page.
1. In the Cloudflare dashboard, go to the **Security rules** page.

<DashButton url="/?to=/:account/:zone/security/security-rules" />
2. Go to the **DDoS protection** tab.
Expand Down
19 changes: 17 additions & 2 deletions ...dos-protection/managed-rulesets/network/network-overrides/override-examples.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ head:

---

import { Details, GlossaryTooltip } from "~/components"
import { Details, GlossaryTooltip, DashButton } from "~/components"

## Use cases

Expand All @@ -25,4 +25,19 @@ The override only applies to the fingerprint and not the detection. Refer to [Im

### Attack traffic is flagged by the adaptive rule based on UDP and destination port

If you recognize that the traffic flagged by the adaptive rule based on UDP and destination port is an attack, you create an override rule to enable the adaptive rule in mitigation mode, setting the action to block the traffic.
If you recognize that the traffic flagged by the adaptive rule based on UDP and destination port is an attack, you create an override rule to enable the adaptive rule in mitigation mode, setting the action to block the traffic.

### Minimize the risk of false positives impacting production traffic

To avoid disruptions during initial deployment, you can create a _Log_ only – _Essentially Off_ ruleset override that allows all traffic while logging detection results. This lets you safely observe and analyze DDoS activity before enabling enforcement.

1. In the Cloudflare dashboard, go to the **Security rules** page.

<DashButton url="/?to=/:account/:zone/security/security-rules" />
2. Go to the **DDoS protection** tab.
3. On **HTTP DDoS attack protection**, select **Create override**.
4. Set the **Scope** to _Apply to all incoming packets_.
5. Under **Ruleset configuration**:
- Set the **Ruleset action** to _Log_.
- Set the **Ruleset sensitivity** to _Essentially Off_.
6. Select **Save**.
Loading