Jeetkune
Administrator
Setting up the Custom Rule DDoS protection rules.
As shown in the image, follow these steps:
- First, log in to your Cloudflare account.
- Then, select the domain you want to enable DDoS protection for.
- In the left menu, click on Security.
- Click on WAF, which is the sub-button under Security.
- From the page that appears, click the Custom Rules button.

To apply the rules, follow the sequence shown in the images step by step, starting from the first image and proceeding in order (1, 2, etc.).


However, in Step 3 shown in the third image, when you click on 'Edit Expression', copy the following code into the opened field, but replace 'yourdomain' with your own domain and 'your_cookie' with the cookie you previously found and noted from your site:

Additionally, for specific paths such as /recovery.php hosted under a subfolder, you need to include the entire path only if the file is inside a subfolder.
For example:
- If the recovery file is located at example.com/chat/recovery.php, specify /chat/recovery.php.
- If it’s under example.com/blabla/recovery.php, specify /blabla/recovery.php.
Always ensure to adjust the path correctly based on the file’s location to maintain proper functionality.
Code:
(not http.request.uri.path in {"/"} and not http.referer contains "your_domain.com" and not http.request.uri.path contains "/recovery.php") or (cf.threat_score ge 1 and not http.cookie contains "your_cookie")
After pasting the code into the box as is, follow this final image to complete the process.

[ Now, let's move on to the third step. ]

Last edited: