What are preconfigured WAF rules in Cloud Armor?

Preconfigured WAF rules are based on the OWASP ModSecurity Core Rule Set and detect common web attacks including SQL injection (sqli), cross-site scripting (xss), local file inclusion (lfi), remote file inclusion (rfi), remote code execution (rce), method enforcement, scanner detection, and protocol attacks. Each rule set can be enabled at different sensitivity levels (1-4), with higher levels catching more attacks but increasing false positive risk. You can also exclude specific rules within a set to reduce false positives for your application.

How does Cloud Armor rate limiting work?

Rate limiting rules enforce a maximum request count per client over a configurable time window. You can rate limit by source IP, HTTP header values, or XFF (X-Forwarded-For) IP addresses. When a client exceeds the threshold, Cloud Armor can block subsequent requests (returning 429), redirect them to a reCAPTCHA challenge, or throttle by dropping a percentage of requests. Rate limits are enforced at Google's edge network, meaning abusive traffic is stopped before reaching your backend.

What is Cloud Armor adaptive protection?

Adaptive protection uses machine learning to analyze traffic patterns and automatically detect L7 DDoS attacks. When it detects an anomaly, it generates a suggested WAF rule with a confidence score that you can review and deploy. In auto-deploy mode, rules above a configurable confidence threshold are deployed automatically. Adaptive protection is particularly useful for attacks that are difficult to distinguish from legitimate traffic using static rules alone.

GCP Cloud Armor WAF Policy Builder

IAM & SecurityGCP

Build Cloud Armor WAF security policies with preconfigured rules and rate limiting.

Cloud Armor Policy Configuration

Policy Name

Description

Enable Adaptive Protection (Layer 7 DDoS defense)

Rule 1

Priority

Action

Match Type

Description

Source IP Ranges

Preview mode (log only, don't enforce)

Policy name is required

Generated Cloud Armor Policy

Output will appear here...

About This Tool

Google Cloud Armor provides DDoS protection and web application firewall (WAF) capabilities for applications behind Google Cloud Load Balancers. Security policies contain rules that evaluate incoming requests against conditions like IP address ranges, geographic locations, or WAF expression language predicates that inspect headers, cookies, and request bodies for attack patterns. This builder helps you create security policies with correct rule priorities, match conditions, preconfigured WAF rule sets (OWASP ModSecurity Core Rule Set), rate limiting configurations, and adaptive protection settings.

When to Use This Tool

•Building a Cloud Armor policy that blocks traffic from specific countries and known malicious IP ranges while allowing all other traffic
•Creating WAF rules that detect and block SQL injection and cross-site scripting attempts using preconfigured OWASP ModSecurity rules
•Configuring rate limiting rules that throttle requests per IP address to prevent application-layer DDoS attacks and brute-force login attempts
•Generating security policies with adaptive protection that automatically detects and mitigates volumetric L7 attacks

Frequently Asked Questions

What are preconfigured WAF rules in Cloud Armor?: Preconfigured WAF rules are based on the OWASP ModSecurity Core Rule Set and detect common web attacks including SQL injection (sqli), cross-site scripting (xss), local file inclusion (lfi), remote file inclusion (rfi), remote code execution (rce), method enforcement, scanner detection, and protocol attacks. Each rule set can be enabled at different sensitivity levels (1-4), with higher levels catching more attacks but increasing false positive risk. You can also exclude specific rules within a set to reduce false positives for your application.
How does Cloud Armor rate limiting work?: Rate limiting rules enforce a maximum request count per client over a configurable time window. You can rate limit by source IP, HTTP header values, or XFF (X-Forwarded-For) IP addresses. When a client exceeds the threshold, Cloud Armor can block subsequent requests (returning 429), redirect them to a reCAPTCHA challenge, or throttle by dropping a percentage of requests. Rate limits are enforced at Google's edge network, meaning abusive traffic is stopped before reaching your backend.
What is Cloud Armor adaptive protection?: Adaptive protection uses machine learning to analyze traffic patterns and automatically detect L7 DDoS attacks. When it detects an anomaly, it generates a suggested WAF rule with a confidence score that you can review and deploy. In auto-deploy mode, rules above a configurable confidence threshold are deployed automatically. Adaptive protection is particularly useful for attacks that are difficult to distinguish from legitimate traffic using static rules alone.

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.

GCP Cloud Armor WAF Policy Builder

IAM & SecurityGCP

Build Cloud Armor WAF security policies with preconfigured rules and rate limiting.

Cloud Armor Policy Configuration

Policy Name

Description

Enable Adaptive Protection (Layer 7 DDoS defense)

Rule 1

Priority

Action

Match Type

Description

Source IP Ranges

Preview mode (log only, don't enforce)

Policy name is required

Generated Cloud Armor Policy

Output will appear here...

About This Tool

When to Use This Tool

•Building a Cloud Armor policy that blocks traffic from specific countries and known malicious IP ranges while allowing all other traffic
•Creating WAF rules that detect and block SQL injection and cross-site scripting attempts using preconfigured OWASP ModSecurity rules
•Configuring rate limiting rules that throttle requests per IP address to prevent application-layer DDoS attacks and brute-force login attempts
•Generating security policies with adaptive protection that automatically detects and mitigates volumetric L7 attacks

Frequently Asked Questions

What are preconfigured WAF rules in Cloud Armor?: Preconfigured WAF rules are based on the OWASP ModSecurity Core Rule Set and detect common web attacks including SQL injection (sqli), cross-site scripting (xss), local file inclusion (lfi), remote file inclusion (rfi), remote code execution (rce), method enforcement, scanner detection, and protocol attacks. Each rule set can be enabled at different sensitivity levels (1-4), with higher levels catching more attacks but increasing false positive risk. You can also exclude specific rules within a set to reduce false positives for your application.
How does Cloud Armor rate limiting work?: Rate limiting rules enforce a maximum request count per client over a configurable time window. You can rate limit by source IP, HTTP header values, or XFF (X-Forwarded-For) IP addresses. When a client exceeds the threshold, Cloud Armor can block subsequent requests (returning 429), redirect them to a reCAPTCHA challenge, or throttle by dropping a percentage of requests. Rate limits are enforced at Google's edge network, meaning abusive traffic is stopped before reaching your backend.
What is Cloud Armor adaptive protection?: Adaptive protection uses machine learning to analyze traffic patterns and automatically detect L7 DDoS attacks. When it detects an anomaly, it generates a suggested WAF rule with a confidence score that you can review and deploy. In auto-deploy mode, rules above a configurable confidence threshold are deployed automatically. Adaptive protection is particularly useful for attacks that are difficult to distinguish from legitimate traffic using static rules alone.