Back to all labs
LAB 02

Application Services

Security, Performance & Observability at the Edge

45 minutes Level 3 2 Captains
Access Lab Guide
DDoS Protection (L7)Managed RulesetsCustom WAF RulesRate LimitingCDNArgo Smart RoutingTransform RulesSnippetsLog ExplorerAI Crawl Control

Summary

This hands-on BlazeHack workshop covers Cloudflare's Application Services end to end — from securing your web application to accelerating it and gaining full observability. Participants will configure the Web Application Firewall (WAF), Rate Limiting, and DDoS protection, then optimize delivery using the CDN, Cache Rules, and Argo Smart Routing, and finally master monitoring through Log Explorer, custom dashboards, AI Crawl Control, and proactive notifications.

Objectives

  • Enable and validate Cloudflare Managed Rulesets (OWASP Top 10) and DDoS protection
  • Create Custom WAF Rules for application-specific logic and verify them in Security Events
  • Configure Advanced Rate Limiting to protect login endpoints from brute-force attacks
  • Understand and navigate Cloudflare's Cache architecture and CDN edge serving
  • Create Cache Rules for granular content caching and validate cache hit ratios
  • Enable Argo Smart Routing to optimize origin network paths
  • Build Transform Rules for security-aware HTTP response headers
  • Create Snippets for edge logic such as A/B testing based on cookies
  • Use Log Explorer and custom dashboards for deep-forensic traffic analysis
  • Observe AI Crawl Control and configure proactive alert notifications

Lab Authors

SRT
Sze Rong Tham Solutions Engineer
SL
Sean Lim Digital Solutions Engineer

Lab Modules

Step-by-step hands-on modules

1

Building a Digital Fortress -- Web Application and API Security

20 min

This module covers the essential layers of modern web defense. You will start by deploying Cloudflare's Managed Rulesets and understand the DDoS stack to stop known threats, then move into Rate Limiting to prevent brute-force attacks. Finally, you will craft Custom WAF Rules for geographic control and optionally create Transform Rules to harden your site's security headers.

Objective: Deploy a multi-layered security posture that protects against automated exploits, controls traffic based on origin and behavior, and optimizes server response headers for browser-side safety.

Key Steps:

  • Deploy Cloudflare's Managed Rulesets for OWASP Top 10 protection
  • Understand the DDoS protection stack and its automatic mitigation
  • Configure Advanced Rate Limiting rules for API endpoints
  • Create Custom WAF Rules for geographic and behavioral control
  • Review Security Analytics and Security Events to verify protection
  • (Optional) Set up Transform Rules for security headers
2

Need for Speed -- Global Delivery & Resilience

15 min

This module focuses on minimizing latency and optimizing the end-user experience. You will explore the Cloudflare Cache architecture to serve content from the edge, use Cache Rules for granular control over what stays in memory, and deploy Argo Smart Routing to bypass internet congestion. You will also create Transform Rules and Snippets for security-aware edge logic.

Objective: Accelerate content delivery by maximizing edge cache hit ratios, optimizing network paths via smart routing, and maintaining a seamless user experience with security-aware edge rules.

Key Steps:

  • Explore Cloudflare Cache architecture and edge serving
  • Configure Cache Rules for granular content caching
  • Deploy Argo Smart Routing to optimize network paths
  • Create Transform Rules for security headers
  • Build Snippets for edge logic such as A/B testing
3

Eyes in the Skies -- Surveillance & Incident Response

15 min

This module focuses on Cloudflare's analytics and logs to help you leverage the platform as a powerful data engine. You will learn to navigate Security Analytics to spot trends, use Log Explorer to perform deep-forensics on your traffic patterns, and set up notifications for proactive alerting.

Objective: Establish a comprehensive monitoring strategy that allows you to identify emerging threats in real-time and audit security events with forensic precision.

Key Steps:

  • Navigate Log Explorer and add datasets for deeper investigation
  • Build custom dashboards for abnormal status codes
  • Observe AI Crawl Control for automated traffic visibility
  • Create notifications for proactive alerting
  • Correlate blocked traffic with WAF rules and rate limits

Ready to start this lab?

Join the hands-on session and build something real.

Access Lab Guide View All Labs