Cloudflare Docs

Cloudflare Docs

Overview
About Logpush
Get started
Permissions
Enable destinations
Enable Cloudflare R2
Enable HTTP destination
Enable Amazon S3
Enable S3-compatible endpoints
Enable Datadog
Enable Google Cloud Storage
Enable BigQuery
Enable Microsoft Azure
Enable New Relic
Enable Splunk
Enable other providers
Enable Sumo Logic
Tutorials
Parse Cloudflare Logs JSON data
Reference
Logpush API configuration
Filters
Configure custom fields
Logpush examples
Manage Logpush with cURL
Manage Logpush with Python
Log fields
Zone-scoped datasets
DNS logs
Firewall events
HTTP requests
NEL reports
Spectrum events
Account-scoped datasets
Audit logs
Gateway DNS
Gateway HTTP
Gateway Network
Network Analytics Logs
Glossary
Pathing status
Firewall fields
WAF fields
ClientRequestSource field
Instant Logs
Logpull
Understanding the basics
Enabling log retention
Requesting logs
Additional details
FAQ

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAF Action

Value	Action	Description
`0`	Unknown	Take no other action.
`1`	Allow	Bypass all subsequent WAF rules.
`2`	Block	Block with an HTTP 403 response.
`3`	Challenge Allow	Issue a Managed Challenge.
`4`	Challenge Drop	Unused.
`5`	Log	Take no action other than logging the event.

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

WAFFlags
WAFMatchedVar