Security rules
Security rules perform security-related actions on incoming requests that match specified filters. Rules are evaluated and executed in order, from first to last.
Security rules are available in Security > Security rules.
The Security rules tab includes a list of different types of rules configured in your domain / zone to protect your applications and resources.
To create a security rule:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Security rules.
- (Optional) Select Templates, and then select a template from the list. You can customize the default configuration of the template before deploying the new rule. Refer to the resources listed in the next step.
- Select Create rule > select the type of rule you want to create. Refer to the following resources about each rule type:
- Custom rules
- Rate limiting rules
- API sequence rules
- API JWT validation rules (requires a token configuration)
- Managed rules exceptions
- Content security rules (previously known as Page Shield policies)
The DDoS Protection tab shows the multiple DDoS mitigation services provided by Cloudflare. You can create rules to override these mitigation tools. DDoS attack protection overrides are only available to Enterprise customers with the Advanced DDoS Protection subscription.
To learn more about DDoS protection overrides, refer to the following resources:
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark