{P}eelOpsBETA
CloudflareSearchAPISecurity

100 WAF Rules. One IP Address. Good Luck Scrolling.

{P}eelOps Team
Dec 1, 2025
5 min read

You need to find one firewall rule. Just one.

Someone reported that api.example.com is getting blocked. Somewhere in your Cloudflare WAF, there's a rule doing it. You just need to find which one.

So you open the Cloudflare dashboard. Navigate to WAF. And you see it: 100 rules across your zones.

There's no search box.

You start scrolling. And clicking. And reading. Rule by rule. Zone by zone. Hoping you'll spot "api.example.com" before your eyes give out.

This is 2025. We can generate photorealistic images with AI. But we can't search firewall rules.

The Dirty Secret of Cloud Dashboards

Here's what nobody tells you: the data is all there. Cloudflare's API gives you everything - every rule, every expression, every action, every timestamp. Full access.

The dashboard just doesn't let you search it.

Why? Because cloud providers build UIs for the common case. Most users have 10-20 rules. A nice visual list works fine. Search would add "complexity."

But you're not most users. You're managing enterprise infrastructure. Hundreds of rules. Multiple zones. And you need to find something specific right now because someone's getting blocked and your Slack is blowing up.

The UI wasn't built for you.

The "Just Open Each Zone" Workflow

Here's what finding a rule looks like in native dashboards:

  1. Open Zone A. Click WAF. Scroll through 25 rules. Not there.
  2. Open Zone B. Click WAF. Scroll through 32 rules. Not there.
  3. Open Zone C. Click WAF. Scroll through 28 rules. Maybe? No, that's a different domain.
  4. Open Zone D...

Repeat until you find it or lose the will to live.

And god help you if the rule references the domain in a complex expression that's not immediately visible. You'll scroll right past it.

Time spent: 20-30 minutes (if you're lucky) Confidence you found everything: Low

The {P}eelOps Way: Just Search

Run the "List Cloudflare Firewall Rules" command. Get all rules across all zones in one response. Search for "api.example.com".

Done.

The search works on the full JSON structure. Not just rule names - everything. Expressions, descriptions, actions, notes. If the domain appears anywhere in the rule, you'll find it.

Time spent: 30 seconds Confidence you found everything: 100%

Real Scenarios (From Real Frustration)

"Which Rules Are Challenging Traffic?"

Security wants a list of all rules using the "challenge" action. They're reviewing your bot mitigation strategy.

Dashboard way: Open each zone, filter by... oh wait, there's no action filter. Manual review it is.

{P}eelOps way: Search for "action": "challenge". Instant list across all zones.

"What Did We Set Up for That IP Range?"

You vaguely remember blocking a problematic IP range last year. Now you need to modify it. What was it called? Which zone?

Dashboard way: Check your notes (if you kept any). Check Slack history. Start scrolling through zones and hoping.

{P}eelOps way: Search for any part of the IP range. Find it immediately.

"Find All Rules Created by the Former Admin"

Someone left six months ago. Audit wants to review everything they configured. Their email is in the "created by" field somewhere.

Dashboard way: This is your afternoon now.

{P}eelOps way: Search for their email. Export the results. Done before lunch.

"What Changed in Our WAF Last Week?"

Something broke. You think a rule was modified. But which one? When?

Dashboard way: You'd need to check each rule's modification date individually. Across all zones.

{P}eelOps way: Run the command today and compare to last week's execution. See exactly what changed, highlighted in color.

Beyond Cloudflare

This pattern shows up in other dashboards too - not always "no search," but search that doesn't quite get you there:

AWS Security Groups - You can filter by group name, but searching for a specific port or CIDR block across all your security groups? You're clicking into each one individually.

Okta Applications - Search by app name works fine. But "which apps use this specific SAML configuration?" or "which apps have this policy attached?" - that's a manual review.

CrowdStrike - Falcon's search is actually decent. But exporting results or comparing policies over time? Back to screenshots and spreadsheets.

The issue isn't always "no search exists." It's that the search doesn't go deep enough, or the results can't be exported, or you can't compare what changed since last week.

The Actual Solution

{P}eelOps pulls data directly from APIs. No UI limitations. No pagination. No "search not available."

Once you have the data:

  • Search everything - Full-text search across the entire response
  • Filter precisely - Find exactly what you need
  • Compare over time - Track what changed and when
  • Export instantly - JSON, CSV, Excel. One click

The dashboard is fine for quick changes and visual overviews. But when you need to find something specific in a sea of configurations, you need search.

Real search. Not "scroll and hope."

Try It

Next time you're staring at a cloud dashboard with no search box, wondering how you're supposed to find one rule among hundreds:

  1. Connect the service to {P}eelOps
  2. Run the list command
  3. Search

Your eyes will thank you. Your afternoon will thank you. And whoever's waiting for you to find that blocking rule will definitely thank you.

Enjoyed this post?

Subscribe to get new posts and product updates delivered to your inbox.