ワンクリックで
cloudflare-waf-management
Manage Cloudflare WAF — custom rules, managed rulesets, IP access rules, DDoS response
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Manage Cloudflare WAF — custom rules, managed rulesets, IP access rules, DDoS response
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Deploy and manage Cloudflare Workers — upload scripts, configure routes, manage secrets, view analytics
Cloudflare zone health dashboard — DNS, security, tunnels, WAF, DDoS status
Manage Cloudflare R2 storage buckets and objects — create, list, inspect, delete buckets and objects
Manage Cloudflare Workers KV namespaces and key-value pairs — create, list, read, write, delete
Live integration test for all Cloudflare MCP tools — read + safe writes with cleanup
Manage Cloudflare DNS records — add, list, update, delete records with verification across multiple zones
| name | cloudflare-waf-management |
| description | Manage Cloudflare WAF — custom rules, managed rulesets, IP access rules, DDoS response |
Workflow skill for managing Cloudflare Web Application Firewall (WAF). Covers listing and viewing rulesets, creating and deleting custom rules, managing IP access rules, and emergency DDoS response including Under Attack Mode.
WAF rules are zone-scoped. Always confirm the target zone before making changes. If the user has not specified a zone, call cloudflare_zone_list and ask them to select.
Call cloudflare_waf_list_rulesets for the selected zone.
Display all rulesets in a table:
| Ruleset Name | ID | Phase | Kind | Rules |
|---|---|---|---|---|
| Cloudflare Managed Ruleset | abc | http_request_firewall_managed | managed | 300+ |
| Custom Firewall Rules | def | http_request_firewall_custom | custom | 5 |
Distinguish between managed rulesets (Cloudflare-maintained) and custom rulesets (user-defined).
Show the current status of each ruleset (enabled/disabled).
Call cloudflare_waf_get_ruleset with the ruleset ID.
Display:
Format custom rules as a table:
| Priority | Name | Expression | Action | Enabled |
|---|---|---|---|---|
| 1 | Block Scrapers | (http.user_agent contains "bot") | block | yes |
| 2 | Challenge API | (ip.src ne 1.2.3.4 and http.request.uri.path starts_with "/api") | challenge | yes |
(ip.src eq 1.2.3.4))cloudflare_waf_create_custom_rule with all parameters.cloudflare_waf_list_custom_rules and confirm the new rule appears.cloudflare_waf_list_custom_rules.cloudflare_waf_delete_custom_rule with the rule ID.cloudflare_waf_list_custom_rules again to confirm the rule is removed.List IP access rules:
Call cloudflare_ip_access_list for the zone.
Display as a table:
| IP/CIDR/Country | Mode | Notes | Age |
|---|---|---|---|
| 1.2.3.4 | block | Attack traffic | 3 days |
| 10.0.0.0/8 | allow | Internal monitoring | 90 days |
| CN | challenge | Country challenge | 14 days |
Flag rules older than 30 days as potentially stale.
Create an IP access rule:
cloudflare_ip_access_create with the parameters.Delete an IP access rule:
cloudflare_ip_access_delete with the rule ID.cloudflare_security_level_get for the zone.
under_attack): All visitors receive a JS challenge. Legitimate users with JS-capable browsers pass automatically. This stops most L7 DDoS attacks but may impact API clients and bots.cloudflare_security_level_set with the desired level.cloudflare_security_level_get to confirm the change.cloudflare_waf_list_rulesets — list all WAF rulesets for a zonecloudflare_waf_get_ruleset — get full details of a specific rulesetcloudflare_waf_list_custom_rules — list custom WAF rulescloudflare_waf_create_custom_rule — create a new custom WAF rulecloudflare_waf_delete_custom_rule — delete a custom WAF rulecloudflare_ip_access_list — list IP access rulescloudflare_ip_access_create — create an IP access rule (block/challenge/allow)cloudflare_ip_access_delete — delete an IP access rulecloudflare_security_level_get — get current WAF security levelcloudflare_security_level_set — set WAF security level (including Under Attack Mode)