Example rules
This custom rule example logs all requests with at least one uploaded content object:
- Expression:
cf.waf.content_scan.has_obj - Action: Log
This custom rule example blocks requests addressed at /upload.php that contain at least one uploaded content object considered malicious:
- Expression:
cf.waf.content_scan.has_malicious_obj and http.request.uri.path eq "/upload.php" - Action: Block
This custom rule example blocks requests addressed at /upload with uploaded content objects that are not PDF files:
- Expression:
any(cf.waf.content_scan.obj_types[*] != "application/pdf") and http.request.uri.path eq "/upload" - Action: Block
This custom rule example blocks requests addressed at /upload with uploaded content objects over 500 KB in size:
- Expression:
any(cf.waf.content_scan.obj_sizes[*] > 500000) and http.request.uri.path eq "/upload" - Action: Block
This custom rule example blocks requests with uploaded content objects over 15 MB in size (the current content scanning limit):
- Expression:
any(cf.waf.content_scan.obj_sizes[*] >= 15000000) - Action: Block
In this example, you must also test for equality because currently any file over 15 MB will be handled internally as if it had a size of 15 MB. This means that using the > (greater than) comparison operator would not work for this particular rule — you should use >= (greater than or equal) instead.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark