This article includes instructions for Cloudflare WAF whitelist for Trace, as well as whitelisting for a proxy. Error message:
This document outlines how you can add a WAF custom rule within your Cloudflare account to whitelist requests that our platform makes, without those requests being blocked by the Security settings within Cloudflare.
Steps to Create a Rule
1. Navigate to “Security > WAF” within the domain settings in Cloudflare.
2. Click “Create rule”
3. On the Create Rule page:
- Give the rule a name (example: WAF Whitelist)
- Configure the rule
- Field: IP Source Address
- Operator: is in
- Value: Enter the supplied IP addresses sent from our team - It will be a mix of IPv4 and IPv6 addresses.
4. Then set the actions to be taken:
- Select “Skip”
- Choose which WAF options to skip. We recommend disabling the following:
- All remaining custom rules
- All rate limiting rules
- All managed rules
- All Super Bot Fight Mode rules
- User Agent blocking
- Browser Integrity Check
- Security Level
Example:
Confirm The Rule Is Working
As long as you did not disable the “Log matching requests” above, you can revisit the events section under “Security > Events” after a couple of hours to verify that you are seeing requests that match the Rule you created.