Cloudflare’s Web Application Firewall (WAF) for Rackspace

Cloudflare and Magento logos

Cloudflare’s WAF is built to protect your Rackspace hosted website from malicious attack, such as SQL injection, cross-site scripting, and comment spam. Our WAF engine runs the OWASP ModSecurity Core Rule Set by default, making sure you’re protected against the OWASP Top 10 common vulnerabilities. In addition, the Cloudflare WAF intelligently learns from the 26 million Internet properties on our network — from the smallest of web properties to enterprise behemoths.

We make it effortless to customize the WAF, and extend your protection even further. You can integrate industry-expert rulesets for individual applications, such as: WordPress, Magento, Atlassian, Flash, WHMCS, etc., import existing ModSecurity rule sets, or write your own custom rules.

Contact us to learn more about how Cloudflare can protect your Rackspace hosted website.

Learn more about how Cloudflare can protect your Rackspace hosted website

Questions? Call us at:

More reasons to integrate Cloudflare with Rackspace

By leveraging Cloudflare’s vast network, our advanced DDoS protection detects and mitigates both network (OSI layers 3, 4) and application (layer 7) DDoS attacks, with zero downtime to your website.

Learn more about DDoS Protection

Improve the speed and performance of your Rackspace hosted website via Cloudflare's next-generation CDN. Serve files closer to your visitors while delivering dynamic content from your web server.

Learn more about CDN

Cloudflare’s Web Application Firewall (WAF) automatically protects against:

  • SQL injection
  • Distributed denial of service (DDoS) attacks
  • Zero-day attacks
  • Comment spam
  • Cross-site scripting (XSS)
  • Application-specific attacks: WordPress, WHMCS, Drupal, Magento, Atlassian, PHP, and more
I believe Cloudflare is the best thing to happen to the web in recent memory.
Director of Technology at Luxury Link


Does Cloudflare’s WAF protect against application (layer 7) attacks?

Yes. Cloudflare's Web Application Firewall (WAF) detects changes in traffic and protects against application layer 7 DDoS attacks, such as POST floods and DNS-based attacks. In addition, implementation of the OWASP Modsecurity Core rule set protects users from the Top 10 vulnerabilities as defined from OWASP (Open Web Application Security Project).

Do I need any additional hardware or software to utilize Cloudflare’s WAF?

No. Being a cloud-based service, Cloudflare’s WAF doesn’t require any additional hardware or software to run and install. Cloudflare’s WAF can be turned on in seconds, and customized to meet your website’s security needs. An attack against any web property on the Cloudflare network helps the entire Cloudflare community (over 26000000 web properties) learn from new attack vectors faster than anyone else.

How often are Cloudflare packaged WAF rule sets updated?

Cloudflare packaged WAF rule sets are updated on a daily basis to protect your website from the most recently identified vulnerabilities.

Can I enable application-specific WAF rules or design my own in the Cloudflare dashboard?

Yes. Cloudflare’s dashboard makes it easy to implement WAF rules. There are three types of WAF rule implementations available: Custom WAF rule requests (write your own), Cloudflare packaged rule sets (on/off toggles), and OWASP ModSecurity Core packed rule sets (on/off toggles).

Custom WAF rule requests can be written and submitted in the dashboard; Cloudflare uses a variant of mod_security syntax to write our rule sets. Cloudflare packaged rule sets include rules to stop attacks commonly seen on Cloudflare's network and attacks against popular applications, such as: Atlassian, Drupal, Flash, Joomla, Magento, PHP, WHMCS, WordPress and more. OWASP ModSecurty core packaged rule sets provide protection against the top 10 common vulnerabilities identified by OWASP.

How long does it take for new rule sets to load globally?

If you enable a new WAF rule set on your website or web application, you can expect it to take effect globally within 30 seconds.