Example rules
This custom rule example logs all requests with at least one uploaded content object:
- Expression: cf.waf.content_scan.has_obj
- Action: Log
This custom rule example blocks requests addressed at /upload.php that contain at least one uploaded content object considered malicious:
- Expression: cf.waf.content_scan.has_malicious_obj and http.request.uri.path eq "/upload.php"
- Action: Block
This custom rule example blocks requests addressed at /upload with uploaded content objects that are not PDF files:
- Expression: any(cf.waf.content_scan.obj_types[*] != "application/pdf") and http.request.uri.path eq "/upload"
- Action: Block
This custom rule example blocks requests addressed at /upload with uploaded content objects over 500 KB in size:
- Expression: any(cf.waf.content_scan.obj_sizes[*] > 500000) and http.request.uri.path eq "/upload"
- Action: Block
This custom rule example blocks requests with uploaded content objects over 15 MB in size (the current content scanning limit):
- Expression: any(cf.waf.content_scan.obj_sizes[*] >= 15728640)
- Action: Block
In this example, you must also test for equality because currently any file over 15 MB will be handled internally as if it had a size of 15 MB (15,728,640 bytes). This means that using the > (greater than) comparison operator would not work for this particular rule — you should use >= (greater than or equal) instead.
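The effect of that size cap on the two comparison operators can be checked with a small local model. This is an added example, not Cloudflare code: the function names and sample uploads are constructed for illustration, and the capping behaviour is modelled only as the paragraph above describes it.

```python
SCAN_LIMIT = 15_728_640  # 15 MB content scanning limit, from the text above


def reported_sizes(actual_sizes):
    # Assumption taken from the text: any file over the limit is handled
    # as if its size were exactly the limit.
    return [min(size, SCAN_LIMIT) for size in actual_sizes]


def matches_gt(actual_sizes):
    # Models: any(cf.waf.content_scan.obj_sizes[*] > 15728640)
    return any(s > SCAN_LIMIT for s in reported_sizes(actual_sizes))


def matches_ge(actual_sizes):
    # Models: any(cf.waf.content_scan.obj_sizes[*] >= 15728640)
    return any(s >= SCAN_LIMIT for s in reported_sizes(actual_sizes))


# Constructed sample requests: label -> actual upload sizes in bytes.
SAMPLES = {
    "one 400 KB file": [400_000],
    "one file just under the limit": [SCAN_LIMIT - 1],
    "one file exactly at the limit": [SCAN_LIMIT],
    "one 20 MB file": [20 * 1024 * 1024],
    "small file plus 100 MB file": [1_024, 100 * 1024 * 1024],
    "no uploaded objects": [],
}


def evaluate(samples=SAMPLES):
    # Returns label -> (result with >, result with >=).
    return {label: (matches_gt(sizes), matches_ge(sizes))
            for label, sizes in samples.items()}


if __name__ == "__main__":
    for label, (gt, ge) in evaluate().items():
        print(f"{label:32} >: {gt!s:5}  >=: {ge!s:5}")
```

In this model the > form never matches, whatever the upload size, while the >= form also matches a file of exactly 15,728,640 bytes.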