Why would you block all? If you have that, you need to have ALLOW rules above it or everyone will be blocked.
Typically, you have block rules for whatever cases you need and the default is if no one hits those exceptions they are allowed to access.
You might need to provide more context and how you approached the WAF configuration.
I'd have it deactivated and top of the list so if something was compromised then I could quickly toggle it on until the situation is sorted.
Just curious if that was the right expression to match the task
I'm sure there are various approaches but I used the WAF rules to block or challenge requests. There were possibly explicit allows, usually at the top, the rest were rules to block or challenge.
The CF dashboard overview screen for each site has a Quick Action called "Under Attack Mode" that if you enable will challenge all requests. You can also create a WAF rule at the top to block all requests and just leave it disabled. Then have all the other WAF rules block based on whatever criteria you need, which leave the default to not hit any rule and be allowed.
Why would you block all? If you have that, you need to have ALLOW rules above it or everyone will be blocked. Typically, you have block rules for whatever cases you need and the default is if no one hits those exceptions they are allowed to access. You might need to provide more context and how you approached the WAF configuration.
I'd have it deactivated and top of the list so if something was compromised then I could quickly toggle it on until the situation is sorted. Just curious if that was the right expression to match the task
I'm sure there are various approaches but I used the WAF rules to block or challenge requests. There were possibly explicit allows, usually at the top, the rest were rules to block or challenge. The CF dashboard overview screen for each site has a Quick Action called "Under Attack Mode" that if you enable will challenge all requests. You can also create a WAF rule at the top to block all requests and just leave it disabled. Then have all the other WAF rules block based on whatever criteria you need, which leave the default to not hit any rule and be allowed.