Cloudflare SE Lab
Lab 5

WAF custom rules and security events

Lab 5 demonstrates how Cloudflare can protect an exposed application path at the edge using a WAF custom rule, then validate enforcement with HTTP response codes and Security Events.

Scenario

A customer has an exposed admin path and wants quick edge protection without changing the application. The goal is to block or challenge access before the request reaches the origin or application.

Objective

Create a Cloudflare WAF custom rule that protects /admin, validate that the edge rule blocks the request, and use Security Events to confirm which rule matched. This shows how Cloudflare can enforce security controls without requiring an application deployment.

Outcomes

  • Created a WAF custom rule for the exposed admin path.
  • Matched requests where the URI path starts with /admin.
  • Applied a blocking action at the Cloudflare edge.
  • Validated the block using curl.
  • Confirmed that Cloudflare returned the security response before application handling.
  • Reviewed Security Events to prove the rule fired.

Environment / Build

  • Zone: ybarra-cflab.com
  • Protected hostname: www.ybarra-cflab.com
  • Protected path: /admin
  • Cloudflare product area: Security → WAF → Custom rules
  • Rule name: Block admin lab path
  • Expression: (http.request.uri.path starts_with "/admin")
  • Action: Block

Demonstrable Content

Validate the protected admin path:

curl -I https://www.ybarra-cflab.com/admin

Expected result:

HTTP/2 403
server: cloudflare

Validate that the normal site still works:

curl -I https://www.ybarra-cflab.com/

What Was Completed

  • Created a Cloudflare WAF custom rule named Block admin lab path.
  • Configured the rule expression to match /admin and any nested admin path.
  • Set the rule action to Block.
  • Deployed the rule from the Cloudflare dashboard.
  • Validated that /admin returns a blocked response.
  • Confirmed that normal website traffic remains available.
  • Reviewed Security Events to correlate the blocked request with the deployed rule.

Lab 5 Technical Summary

Lab 5 implemented edge-based access protection using a Cloudflare WAF custom rule. The rule evaluates incoming requests before application handling and blocks requests where the URI path starts with /admin. Validation was performed with curl -I to confirm that Cloudflare returned an HTTP 403 response and that the response was served by Cloudflare. Security Events were then used to confirm that the expected rule matched the request. This demonstrates how Cloudflare can enforce security policy at the edge without requiring an origin or application code change.

Lab 5 Customer-Facing Summary

We protected an exposed admin path by creating a Cloudflare security rule that blocks access before the request reaches the application. This gives the customer fast protection without waiting for a code change or origin deployment. We then tested the protected path, confirmed the block response, and reviewed Cloudflare Security Events to prove which rule enforced the policy.