Configure Cloudflare WAF
Created by: ElizabethStirling
Enable and configure Cloudflare WAF, first for Dogfood to allow testing, then for dotcom. There are three main goals here:
- Enable the WAF
- Configure basic rate limiting. Hopefully the WAF gives us this for free, but no guarantees here.
- Verify that the WAF is properly configured.
Additionally, we will investigate implementing basic API rate limiting via Cloudflare. However, depending on observability limitations, we may need to wait on rate limiting until we have centralized security logging.
This is a subset of the work for #10629, and may be a complete solution for our purposes. Re: chat with @nicksnyder and @chayim, we don't want to implement rate limiting in the product unless an on-prem customer requests it.
- Enable in Dogfood (2d)
- Test in Dogfood (1d)
- Enable in Dotcom (1d)
- Test in Dotcom (1d)