This landing page simulates a website placed behind Cloudflare WAF to test its ability to detect, block, and log malicious requests such as XSS, SQL Injection, and sensitive file access.
Layer: Application-layer protection
Goal: Block threats before origin
Logs: Security Events visibility
Request Flow
User / Attacker: sends a request to the website.
Cloudflare WAF: analyzes the request and applies security rules.
Origin Server: receives only filtered, allowed traffic.
Overview
A concise explanation of what this demo is designed to prove during the presentation.
Inspect URI paths, query strings, and headers for suspicious attack patterns.
Prevent script injection attempts before they reach the origin server.
Stop common query tampering payloads that target application inputs.
Record blocked requests in Cloudflare Security Events for later review.
Architecture
Cloudflare acts as a protective layer between users and the origin server. All incoming requests are inspected by the WAF before they reach the website server.
Client → Protection Layer (Inspection & Filtering) → Infrastructure
How the request moves through the protection layer.
The user sends a request to the domain.
DNS is routed through Cloudflare, so the request reaches Cloudflare first.
The WAF inspects the URI path, query string, and headers and evaluates the configured security rules against them.
Valid requests are forwarded, while malicious requests are blocked and logged.
Testing
Use the buttons below to trigger real GET requests based on the current domain. These requests can then be inspected and blocked by Cloudflare WAF.
Send a normal request to prove that the website still works when WAF is enabled.
Sample payload
q=hello
Send an XSS payload in the query string to test script-blocking rules.
Sample payload
<script>alert(1)</script>
Send a basic SQL Injection payload through the query string.
Sample payload
' OR '1'='1
Simulate an attempt to access a sensitive configuration file.
Sample payload
/.env
Simulate unauthorized access to the WordPress configuration file.
Sample payload
/wp-config.php
Clicking a test button performs a real GET navigation to the current domain, so Cloudflare can inspect and log the request. Note that the browser percent-encodes the payload before sending it: the XSS test reaches Cloudflare as q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E and the SQL Injection test as a similarly encoded query string, which matters when writing rules that match on the query string.
Forms
These forms simulate how attackers interact with website inputs. Submissions are real GET requests, so Cloudflare WAF can inspect them.
Rules
These example rules are written as custom rules in the Cloudflare dashboard and are suitable for a live demo presentation. They are intentionally narrow signatures that match only the sample payloads above (a `<img onerror=...>` payload or `UNION/**/SELECT` would pass them); for real protection enable the Cloudflare Managed Ruleset and OWASP Core Ruleset in addition to, not instead of, custom rules like these.
Rule 1: Block XSS Demo
Expression-based rule
Expression:
lower(url_decode(http.request.uri.query)) contains "<script"
Note: http.request.uri.query holds the raw query string as sent, so the sample payload arrives percent-encoded as %3Cscript%3E and a plain contains "<script" would never match. url_decode() restores the literal characters before matching, and lower() makes the match case-insensitive because contains is case-sensitive. Verify the expression in the dashboard's expression editor before saving.
Action:
Block
Rule 2: Block SQL Injection Demo
Expression-based rule
Expression:
lower(url_decode(http.request.uri.query)) contains "or '1'='1"
or lower(url_decode(http.request.uri.query)) contains "union select"
Note: as in Rule 1, url_decode() is needed because the browser sends the quotes as %27 and the spaces as + or %20; without it the sample payload does not match.
Action:
Block
Rule 3: Block Sensitive File Access
Expression-based rule
Expression:
http.request.uri.path contains "/.env"
or http.request.uri.path contains "/wp-config.php"
Action:
Block
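To make concrete what the rules above must match, here is an added Python example (it is not code from the demo site or from Cloudflare) that builds the exact GET URLs the test buttons in the Testing section send, then evaluates stand-in versions of the three rules over them. The host demo.example and the /search path are assumptions, since the page does not name the demo's endpoints; the stand-ins approximate lower(), url_decode() and contains from the Cloudflare rules language in plain Python.

```python
"""Emulate the demo's three custom rules over the GET requests the test
buttons produce, to show what the WAF actually sees on the wire."""
from urllib.parse import urlencode, unquote_plus, urlsplit

# Constructed test cases mirroring the page's test buttons. The demo's real
# endpoint paths are not given on the page; "/search" is an assumption here.
TEST_REQUESTS = {
    "normal":    ("/search", {"q": "hello"}),
    "xss":       ("/search", {"q": "<script>alert(1)</script>"}),
    "sqli":      ("/search", {"id": "1' OR '1'='1"}),
    "dotenv":    ("/.env", {}),
    "wp-config": ("/wp-config.php", {}),
}


def build_url(host: str, path: str, params: dict) -> str:
    """Build the URL a browser sends for a GET form submit or link click.
    urlencode() percent-encodes values the way a browser does: '<' becomes
    %3C, a quote becomes %27 and a space becomes '+'."""
    query = urlencode(params)
    return f"https://{host}{path}" + (f"?{query}" if query else "")


# Stand-ins for the Cloudflare rules-language pieces the rules use:
#   http.request.uri.query -> raw query string without the leading '?'
#   url_decode(s)          -> percent-decoding ('+' decoded to a space)
#   lower(s)               -> lowercase
#   s contains t           -> case-sensitive substring test

def rule_xss(path: str, raw_query: str) -> bool:
    # lower(url_decode(http.request.uri.query)) contains "<script"
    return "<script" in unquote_plus(raw_query).lower()


def rule_sqli(path: str, raw_query: str) -> bool:
    # lower(url_decode(http.request.uri.query)) contains "or '1'='1"
    #   or lower(url_decode(http.request.uri.query)) contains "union select"
    q = unquote_plus(raw_query).lower()
    return "or '1'='1" in q or "union select" in q


def rule_sensitive_file(path: str, raw_query: str) -> bool:
    # http.request.uri.path contains "/.env"
    #   or http.request.uri.path contains "/wp-config.php"
    return "/.env" in path or "/wp-config.php" in path


RULES = [
    ("Block XSS Demo", rule_xss),
    ("Block SQL Injection Demo", rule_sqli),
    ("Block Sensitive File Access", rule_sensitive_file),
]


def evaluate(url: str) -> tuple:
    """Return ("block", rule_name) for the first matching rule, else
    ("allow", None). Rules are checked in order and Block ends processing."""
    parts = urlsplit(url)
    for name, fn in RULES:
        if fn(parts.path, parts.query):
            return ("block", name)
    return ("allow", None)


def raw_query_contains(url: str, needle: str) -> bool:
    """A contains match on the *undecoded* query string, i.e. a rule written
    without url_decode(). Used to show that it misses browser-encoded payloads."""
    return needle in urlsplit(url).query.lower()


def run_all(host: str) -> dict:
    """Verdict for every test button against the given (assumed) host."""
    return {name: evaluate(build_url(host, path, params))
            for name, (path, params) in TEST_REQUESTS.items()}


if __name__ == "__main__":
    for name, (path, params) in TEST_REQUESTS.items():
        url = build_url("demo.example", path, params)
        print(f"{name:10} {evaluate(url)[0]:5}  {url}")
```

run_all() returns the verdict per test button. raw_query_contains() shows the pitfall: for the browser-encoded XSS and SQL Injection URLs it returns False for "<script" and "or '1'='1", which is why a query-string rule needs url_decode() before contains.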
Results
A comparison of how requests behave before the WAF is enabled and after Cloudflare begins filtering malicious traffic.
| Attack Type | Before WAF is enabled | After WAF is enabled |
|---|---|---|
| Normal request | The origin receives the request and responds normally. | Allowed; the origin responds normally. |
| XSS payload | The origin receives the raw payload; whether it is exploitable depends entirely on the application's own input handling. | Blocked or challenged by Cloudflare before it reaches the origin. |
| SQL Injection payload | The origin receives the raw payload; whether it is exploitable depends entirely on the application's own input handling. | Blocked or challenged by Cloudflare before it reaches the origin. |
| Access to /.env | The origin receives the request; if the file is served, its secrets are exposed. | Blocked or challenged by Cloudflare before it reaches the origin. |
| Access to /wp-config.php | The origin receives the request; if the file is served, its secrets are exposed. | Blocked or challenged by Cloudflare before it reaches the origin. |
Logs
Use the Security Events dashboard to verify blocked traffic and inspect the details of each request.
Open the Cloudflare Dashboard.
Select the demo domain.
Go to Security → Events.
Filter by Action = Block.
Check the details: Time, Client IP, Host, Path, Rule name, and Action.
Sample entries for presentation purposes
| Time | Client IP | Path | Rule | Action |
|---|---|---|---|---|
| Just now | 203.0.113.18 | /search?q=<script>alert(1)</script> | Block XSS Demo | Block |
| 2 mins ago | 198.51.100.42 | /search?id=1' OR '1'='1 | Block SQL Injection Demo | Block |
| 5 mins ago | 192.0.2.64 | /.env | Block Sensitive File Access | Block |
| 12 mins ago | 203.0.113.7 | /search?q=hello | N/A (Allowed) | Allowed |
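The dashboard is fine for a live demo, but for review after the fact it helps to export the events and summarize them. The following is an added Python example (not part of the demo site or of Cloudflare's tooling) that parses a constructed JSON-lines export whose keys mirror the columns listed above, counts blocks per rule and per client, and flags clients that tripped more than one rule. The real dashboard export uses its own field names, so parse_events() would need adapting to it; the sample records, IPs and timestamps are constructed.

```python
"""Triage a Security Events export offline: count blocks per rule and per
client, and flag clients that hit more than one demo rule (scanner-like)."""
import json
from collections import Counter, defaultdict

# Constructed sample records, one JSON object per line. The keys mirror the
# columns the page lists (Time, Client IP, Path, Rule, Action); a real export
# has its own field names, so adapt parse_events() to match them.
SAMPLE_EVENTS = """\
{"time": "2024-05-01T10:00:00Z", "client_ip": "203.0.113.18", "path": "/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E", "rule": "Block XSS Demo", "action": "block"}
{"time": "2024-05-01T10:02:00Z", "client_ip": "198.51.100.42", "path": "/search?id=1%27+OR+%271%27%3D%271", "rule": "Block SQL Injection Demo", "action": "block"}
{"time": "2024-05-01T10:05:00Z", "client_ip": "192.0.2.64", "path": "/.env", "rule": "Block Sensitive File Access", "action": "block"}
{"time": "2024-05-01T10:06:00Z", "client_ip": "192.0.2.64", "path": "/wp-config.php", "rule": "Block Sensitive File Access", "action": "block"}
{"time": "2024-05-01T10:07:00Z", "client_ip": "192.0.2.64", "path": "/search?q=%3Cscript%3E", "rule": "Block XSS Demo", "action": "block"}
{"time": "2024-05-01T10:12:00Z", "client_ip": "203.0.113.7", "path": "/search?q=hello", "rule": null, "action": "allow"}
"""


def parse_events(text: str) -> list:
    """Parse a JSON-lines export; skip blank lines and report malformed
    records instead of aborting the whole review."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            print(f"line {lineno}: skipped malformed record ({exc})")
    return events


def summarize(events: list) -> dict:
    """Totals plus block counts per rule and per client IP."""
    blocked = [e for e in events if e.get("action") == "block"]
    by_rule = Counter(e["rule"] for e in blocked)
    by_ip = Counter(e["client_ip"] for e in blocked)
    return {
        "total": len(events),
        "blocked": len(blocked),
        "allowed": len(events) - len(blocked),
        "by_rule": dict(by_rule),
        "by_ip": dict(by_ip),
    }


def multi_rule_clients(events: list) -> dict:
    """Clients blocked by two or more distinct rules: one IP probing XSS,
    SQLi and config files within minutes looks like scanning, not a typo."""
    rules_by_ip = defaultdict(set)
    for e in events:
        if e.get("action") == "block" and e.get("rule"):
            rules_by_ip[e["client_ip"]].add(e["rule"])
    return {ip: sorted(rules) for ip, rules in rules_by_ip.items()
            if len(rules) >= 2}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(json.dumps(summarize(evs), indent=2))
    print("multi-rule clients:", multi_rule_clients(evs))
```

summarize() gives the per-rule and per-IP counts to put next to the dashboard screenshot; multi_rule_clients() is the kind of follow-up check the sample table invites, since a client that hits several unrelated rules is a better candidate for a rate limit or IP block than any single event.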
Presentation
This website is placed behind Cloudflare WAF to demonstrate application-layer protection.
Normal requests are still allowed, so legitimate users can continue to access the website without disruption.
When malicious payloads such as XSS, SQL Injection, or sensitive file access are sent, Cloudflare can block or challenge them before they reach the origin server.
Blocked requests are recorded in Cloudflare Security Events, which helps us review the attack details later.
This demonstrates that a WAF adds an important security layer for protecting websites from common application-layer attacks, as a complement to secure input handling at the origin rather than a replacement for it.