Cloudflare's Web Application Firewall (WAF) provides a strong layer of security for internet-facing applications and sites. It is still recommended to allow external scanners to bypass the WAF, so that scans have complete visibility into the assets underneath. This ensures that any issues that could be exposed if the WAF fails, or if an attacker finds a way to bypass its protections, are addressed.
Adding a Custom Rule to the WAF
- From the Security menu on the left, select WAF
- Click on the Custom Rules tab
- Click Create a Firewall Rule, and enter a name (e.g. Nodeware Scanning Bypass)
- In the Field dropdown under If incoming requests match... select IP Source Address
- Change the Operator dropdown to is in
- In the Value field, enter the address blocks specified on the Sites & Interfaces view under Manage Customer in the Nodeware dashboard
- Under the Then take action... header, select Skip in the dropdown
- Select all of the check boxes in the WAF components to skip list
- Click More components to skip, and select all check boxes
- When finished, click Deploy
This will allow the Nodeware external scanners to fully scan the Cloudflare-protected hosts without interference. For more information, refer to the Cloudflare documentation.
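Because this rule skips every WAF component for the listed sources, its Value list should match the Nodeware address blocks exactly. The following check is an added example, not part of the original article or of Cloudflare or Nodeware tooling: it reads the rule's expression, which for an "IP Source Address is in" match takes the form `(ip.src in {...})`, and reports entries that are wider than the approved blocks or approved blocks that are not covered. The ranges and function names are assumptions; the addresses are constructed placeholders from the RFC 5737 documentation ranges.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 documentation blocks). Replace with
# the address blocks shown in the Nodeware dashboard.
APPROVED_SCANNER_RANGES = ["192.0.2.0/28", "198.51.100.16/29"]


def parse_ip_set(expression):
    """Return the networks listed in an `ip.src in {...}` clause."""
    match = re.search(r"ip\.src\s+in\s+\{([^}]*)\}", expression)
    if not match:
        raise ValueError("expression has no 'ip.src in {...}' clause")
    return [ipaddress.ip_network(tok, strict=False) for tok in match.group(1).split()]


def _collapse(nets):
    """Merge adjacent or overlapping networks, handling IPv4 and IPv6 separately."""
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses([n for n in nets if n.version == version]))
    return merged


def _covered(net, covering):
    """True if `net` lies entirely inside one of the `covering` networks."""
    return any(net.version == c.version and net.subnet_of(c) for c in covering)


def audit_skip_rule(expression, approved=APPROVED_SCANNER_RANGES):
    """Compare the rule's source set with the approved scanner ranges.

    Returns (excess, missing). Excess entries let non-scanner addresses skip
    the WAF; missing entries leave some scanner addresses still filtered.
    """
    approved_nets = _collapse([ipaddress.ip_network(a) for a in approved])
    rule_nets = parse_ip_set(expression)
    excess = [str(n) for n in rule_nets if not _covered(n, approved_nets)]
    missing = [str(a) for a in approved_nets if not _covered(a, _collapse(rule_nets))]
    return excess, missing


if __name__ == "__main__":
    # Constructed rule expression with one entry wider than the approved block.
    sample = "(ip.src in {192.0.2.0/24 198.51.100.16/29})"
    print(audit_skip_rule(sample))
```

Run it against the expression shown for the deployed rule whenever the scanner address blocks change; both returned lists should be empty.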