Skip to content

Best Practices

Recommendations for designing and rolling out flow rules safely.

  • Order matters. Place specific rules (e.g., /admin/*) above broad rules (/*) so they match first.
  • Start permissive, tighten gradually. Begin with passive challenges and Log only rate limits, watch the logs, then escalate.
  • Test before enforcing. Use Log only options on Rate Limit and Block List to validate your rules against real traffic before turning on enforcement.
  • End your flow with a catch-all. A final /* rule with sensible defaults ensures every request gets a baseline policy.
  • Be extremely cautious with Edge Cache and HSTS Preload — both can cause hard-to-reverse problems if misconfigured.

Up: Configuring Flow Rules (overview)