This topic was automatically closed after 30 days. The Cloudflare WordPress WAF rule “WP0002 - Block WordPress XML-RPC” rule is disabled by default but when enabled completely disables access to the xmlrpc.php file. Cloudflare Rate Limiting protects against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeting the application layer. Overview I don’t think Cloudflare is going to divulge what exactly the WAF will block or not, but you can certainly set up a test domain and try it out. What settings are applied when I click "Optimize Cloudflare for WordPress" in Cloudflare's WordPress plugin. Hi all, I am after some guidance on how I would possibly implement WAF on my applications. Security. Our goal is there are different IPs we want to … strikingmediaapi. https://www.domain.com/p.php?p=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd &g=1&t=UG9zaXRpb246VCBhbmQgQ3xSYW5rOjF8T2ZmZXIxOiZwb3VuZDs1IEJPTlVTfE9mZmVyMjpEZXBvc2l0ICZwb3VuZDswfE9mZmVyMzpQbGF5IHdpdGggJnBvdW5kOzV8UmF0aW5nOjUuMA,, (or any standard service like the proxy, or the Firewall) If there is banned IP, can I access the list of banned IP / … For more information about why this was originally implemented take a look at our blog post on the subject: https://blog.cloudflare.com/our-waf-is-keeping-wordpress-jetpack-on-track/.