Stop attacks before they are known: making the Cloudflare WAF smarter

Cloudflare has introduced a WAF attack scoring system in general availability to enhance its existing Web Application Firewall (WAF) services. This new feature allows gradual access for customers on Enterprise Core and Advanced Security bundles, with other Enterprise clients gaining access over the coming months. The WAF attack scoring system is designed to classify all requests using a model trained on data from millions of Internet properties protected by Cloudflare's network. It complements the company's existing security features, such as Bot Management and Content Scanning, allowing users to filter potentially malicious attacks before deploying any rules. The attack scores are also available in HTTP logs and can be used when building custom rules or rate-limiting rules for enhanced protection against various web application threats.