From ff9636f1cf23d2a5e0d3b8bfa74d178cc1765f01 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Fri, 18 Oct 2024 12:43:21 +0100 Subject: [PATCH] [WAF] Clarify execution and interaction with SBFM --- src/content/docs/bots/troubleshooting.mdx | 4 ++++ src/content/docs/waf/concepts.mdx | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/content/docs/bots/troubleshooting.mdx b/src/content/docs/bots/troubleshooting.mdx index 5459fc324a11ba..396c7f2787c1f6 100644 --- a/src/content/docs/bots/troubleshooting.mdx +++ b/src/content/docs/bots/troubleshooting.mdx @@ -65,6 +65,10 @@ This does not mean that your traffic was blocked. It is the challenge sent to yo To understand if the result of the challenge was a success or a failure, you can verify using [Logpush](/logs/about/). +## Does the WAF run before Super Bot Fight Mode? + +Yes. WAF rules are executed before Super Bot Fight Mode. If a WAF custom rule performs a [terminating action](/ruleset-engine/rules-language/actions/) such as _Block_, your Super Bot Fight Mode configuration will not be evaluated. + --- ## What is the difference between the threat score and bot management score? diff --git a/src/content/docs/waf/concepts.mdx b/src/content/docs/waf/concepts.mdx index 33927ded859a6f..41380a0a916ac8 100644 --- a/src/content/docs/waf/concepts.mdx +++ b/src/content/docs/waf/concepts.mdx @@ -68,4 +68,6 @@ Cloudflare evaluates different types of rules when processing incoming requests. 5. [WAF Managed Rules](/waf/managed-rules/) 6. [Cloudflare Rate Limiting](/waf/reference/legacy/old-rate-limiting/) (previous version, deprecated) -For more information on the Ruleset Engine phases where each WAF feature will execute, refer to [WAF phases](/waf/reference/phases/). +Rules are evaluated in order. If there is a match for a rule with a [terminating action](/ruleset-engine/rules-language/actions/), the rule evaluation will stop and the action will be executed immediately. Rules with a non-terminating action (such as _Log_) will not prevent subsequent rules from being evaluated and executed. For more information on how rules are evaluated, refer to [Rule evaluation](/ruleset-engine/about/rules/#rule-evaluation) in the Ruleset Engine documentation. + +For more information on the phases where each WAF feature will execute, refer to [WAF phases](/waf/reference/phases/).