Cloudflare Docs
DDoS Protection
Visit DDoS Protection on GitHub
Set theme to dark (⇧+D)

Rule categories

The main categories (or tags) of HTTP DDoS Attack Protection managed rules are the following:

NameDescription
botnetsRules for requests from known botnets, with very high accuracy and low risk of false positives. It is recommended that you keep these rules enabled.
unusual-requestsRules for requests with suspicious characteristics that are not usually seen in legitimate traffic.
advancedRules related to features available to Advanced DDoS Protection customers, such as Adaptive DDoS Protection.
genericRules for detecting and mitigating floods of requests. These rules are useful for mitigating attacks that have no known signatures, but they may also trigger on unusually high volumes of legitimate traffic. To reduce the risk of false positives, their request per second (rps) activation threshold is higher. These rules either rate-limit or challenge traffic by default, but you can override them to block traffic if necessary.
read-onlyHighly targeted rules for mitigating DDoS attacks with a high confidence rate. These rules are read-only — you cannot override their sensitivity level or action.
testRules used for testing the detection, mitigation, and alerting capabilities of Cloudflare’s DDoS protection products.