Website
Migrating To The New Cloudflare Managed Rules Interface
If you’ve logged into the section of Cloudflare that deals with security and managed rules, you might see a new notification about migrating to the new Cloudflare managed rules interface. But it’s not just the interface that’s different. Cloudflare is changing the backend architecture of its managed rules implementation, and it’s essential to know how these changes will affect you. Here’s what you need to know.
1. The Change is IRREVERSIBLE
Though I didn’t suffer any permanent consequences, I was a bit perturbed to see that there was no way of reverting to the older Cloudflare managed rules interface. I wanted to go back because Cloudflare hadn’t yet completed the transition to the new rules, and I needed to disable a specific rule that still belonged to the older ruleset. More on that below.
I finally managed to add an exception, as shown below, but the realization that there was no going back came as a shock and a tiny moment of panic that I’d messed up something irreversibly. So be warned – it’s permanent once you change the new interface.
2. The Old Ruleset will Still Apply for a Short While
This is why I panicked when I realized I couldn’t go back to the old interface. A certain rule from the older Cloudflare managed ruleset called “Cloudflare Specials” was blocking my WordPress page from updating because it had a script tag, generating a false positive. Here’s what it looked like, having the old rule still active after you’ve enabled the new Cloudflare ruleset:
As you can see, it shows up as “Managed rules (previous version)”. Normally, I disable this rule whenever I need to update a WordPress page that contains a script tag, but because I had migrated to the new ruleset, I could no longer access the old Cloudflare Specials rule.
So keep in mind that the transition takes some time. For me, the old Cloudflare rules continued to operate and block requests for a short time. Consequently, I suggest you don’t enable the new Cloudflare managed rules interface while you’re actively working with the firewall rules.
3. Add an Exception for Yourself
One way to avoid being caught with your pants down when you migrate to the new Cloudflare managed rules interface is to create an exception so that you don’t get locked out with no way to disable an older rule. To do this, go to the managed rules section, and click “Add exception” to the new interface, as shown here:
In the next screen, you can create an exception based on your IP address like this:
Give the rule a minute or so to take effect, and you can bypass all the rules to keep working. You can also enable and disable the exception easily, making it a very flexible setting.
Locating the Old Rules in the New Interface
While I can’t be sure that there’s a direct one-to-one mapping of the old rules to the new ones, the rules that I’m familiar with are also present in the new set. For example, the rule above that generated false positives was called XSS, HTML Injection – Script Tag, and I was able to find it in the new “Cloudflare Managed Ruleset” as shown here:
I suspect that most of the older rules will have an equivalent in the new ruleset, though I can’t be sure that all of them have been migrated. You should check for yourself and see.
As mentioned above, the best solution to getting locked out of the new Cloudflare managed ruleset is to create an exception for yourself and disable it after you’re done working on your site.
What Does Error 550 Mean? (And How Can You Resolve It?)
Domain Security: 5 Strategies to Protect Your Website
