Support
Web Application Firewall Reports

Generating Cloudflare WAF Rules from Invicti Standard

This document is for:
Invicti Standard

The Cloudflare WAF examines HTTP requests to your website. Cloudflare WAF is a type of reverse-proxy that means the WAF is located in front of web servers and forwards client requests to those web servers. It inspects the requests and applies rules to protect web applications from attacks, such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection.

If you can't immediately fix all vulnerabilities that Invicti has detected, you can cover them up and defer fixing them until another time. This is achieved by exporting Invicti’s findings as rules for the Cloudflare WAF.

After you import the rules, the Cloudflare WAF will then block any requests made by malicious hackers.

For further information, see Web Application Firewalls.

Cloudflare WAF Fields

The table lists and describes the Cloudflare WAF fields in the Web Application Firewall tab.

Field

Description

Add

Click to add an integration.

Delete

Click to delete the integration and clear all fields.

Test Settings

Click to confirm that Invicti Standard can connect to the configured system.

Action

This section contains general fields about the Send To Action.

Display Name

This is the name of the configuration that will be shown on menus.

Mandatory

This section contains fields that must be completed.

Access Token

This is the access token of the user.

Zone ID

This is the zone identifier.

Optional

This section contains optional fields.

Allow Regex

This is the region name, where the Web ACL is located. 

The default setting is ‘True’.

How to Configure Cloudflare WAF Rules in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Web Application Firewall.

  1. From the Add dropdown, select Cloudflare. The Cloudflare fields are displayed.

  1. In the Mandatory section, complete the connection details:.
    • Access Token
    • Zone ID
  2. In the Optional settings you can specify:
    • Allow Regex

Allow regex option enables Invicti to use regex patterns while creating rules.

  1. Click Test Settings to confirm that Invicti Standard can connect to the configured system and validate the configuration details. The WAF Settings Test dialog is displayed to confirm that the settings have been validated.

How to Generate Cloudflare WAF Rules from Invicti Standard Scan Results

  1. Open Invicti Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.

  1. In the Issues panel, right click the vulnerability you want to export and select Cloudflare WAF Rules. (Alternatively, from the ribbon, click the Vulnerability tab, then Cloudflare WAF Rules.) A confirmation message and link is displayed at the bottom of the screen.

  1. Click the Cloudflare rule is created for the selected vulnerability link.
  2. The rule is automatically created in the Cloudflare WAF. You can view it in Cloudflare WAF’s Firewall Rules tab in the Firewall menu.

  1. To retest the vulnerability from the ribbon in Invicti Standard, click the Vulnerability tab, then Retest. If the WAF blocks the request, the status code of the response is '403-Forbidden' and Invicti  will display a message: Vulnerability seems to be fixed and removed from the report.

Since Cloudflare does not provide an option for the request body, Invicti blocks the request method and URL. This causes non-vulnerable requests to be blocked.