Skip to content

Glossary

Review the definitions for terms used across Cloudflare’s WAF documentation.

Term Definition
allowlist

An allowlist is a list of items (usually websites, IP addresses, email addresses, etc.) that are permitted to access a system.

attack score

A number from 1 (likely malicious) to 99 (likely clean) classifying how likely an incoming request is malicious or not. Allows you to detect new attack techniques before they are publicly known.

blocklist

A blocklist is a list of items (usually websites, IP addresses, email addresses, etc.) that are prevented from accessing a system.

content object

A content object is any binary part of a request body (as detected by Cloudflare systems) that does not match any of the following content types: text/html, text/x-shellscript, application/json, text/csv, or text/xml.

credential stuffing

Credential stuffing is the automated injection of stolen username and password pairs (known as "credentials") into website login forms, trying to gain access to user accounts.

leaked credentials

Leaked credentials refers to sensitive authentication information disclosed in some way (for example, due to misconfigurations, data breaches, or simple human error), allowing other parties to gain access to digital resources.

Credentials may include usernames, passwords, API keys, authentication tokens, or private keys.

firewall

A firewall is a security system that monitors and controls network traffic based on a set of security rules.

mitigated request

A request to which Cloudflare applied a terminating action such as block or challenge.

paranoia level

Classifies rules of the OWASP managed ruleset according to their aggressiveness.

rate limiting

Rate limiting is a technique used in computer systems to control the rate at which requests are processed. It can be used as a security measure to prevent attacks, or to limit resource usage in your origin servers.

SIEM

A Security Information and Event Management (SIEM) solution collects, analyzes, and correlates data to help manage security incidents, detect anomalies, and meet compliance requirements.

threat score

The threat score is a score from 0 (zero risk) to 100 (high risk) classifying the IP reputation of a visitor.

IP reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from WAF managed rules and DDoS.