Introducing hostname and ASN lists to simplify WAF rules creation
If you’re responsible for creating a Web Application Firewall (WAF) rule, you’ll almost certainly need to reference a large list of potential values that each field can have. And having to manually manage and enter all those fields, for numerous WAF rules, would be a guaranteed headache.
That’s why we introduced IP lists. Having a separate list of values that can be referenced, reused, and managed independently of the actual rule makes for a better WAF user experience. You can create a new list, such as $organization_ips, and then use it in a rule like "allow requests where source IP is in $organization_ips ". If you need to add or remove IPs, you do that in the list, without touching each of the rules that reference the list. You can even add a descriptive name to help track its content. It's easy, clean, and organized.
Which led us, and our customers, to ask the next natural question: why stop at IPs?
Originally published at https://blog.cloudflare.com on November 15, 2023.
