Create a rate limiting rule using account takeover (ATO) detection and leaked credentials fields to limit volumetric attacks from particular IP addresses, JA4 Fingerprints, or countries.
The following example rule applies rate limiting to requests with a specific ATO detection ID (corresponding to "Observes all login traffic to the zone") that contain a previously leaked username and password:
When incoming requests match:
(any(cf.bot_management.detection_ids[*] eq 201326593 and cf.waf.credential_check.username_and_password_leaked))
With the same characteristics: IP
When rate exceeds:
- Requests: 5
- Period: 1 minute
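To estimate which clients this rule would affect before deploying it, the matching and counting logic can be replayed over request records. This is an added example, not Cloudflare's code: the record keys, the `_mk` helper, the sample data, and the per-IP sliding-window counting are assumptions.

```python
from collections import defaultdict, deque

ATO_DETECTION_ID = 201326593   # detection ID from the rule expression above
LIMIT = 5                      # "Requests: 5"
PERIOD_SECONDS = 60            # "Period: 1 minute"

def matches_rule(req):
    """Mirror the rule: ATO detection ID present AND leaked username+password."""
    return (ATO_DETECTION_ID in req["detection_ids"]
            and req["username_and_password_leaked"])

def requests_over_limit(requests):
    """Return (ts, ip) for matching requests beyond LIMIT per IP per period.

    Assumption: a sliding window per IP; the product's exact counting may differ.
    """
    windows = defaultdict(deque)   # ip -> timestamps of matching requests
    over = []
    for req in sorted(requests, key=lambda r: r["ts"]):
        if not matches_rule(req):
            continue               # non-matching requests never count toward the rate
        win = windows[req["ip"]]
        while win and req["ts"] - win[0] >= PERIOD_SECONDS:
            win.popleft()          # drop timestamps that fell out of the window
        win.append(req["ts"])
        if len(win) > LIMIT:
            over.append((req["ts"], req["ip"]))
    return over

def _mk(ip, times, ids, leaked):
    """Build constructed sample records (hypothetical record shape)."""
    return [{"ts": t, "ip": ip, "detection_ids": ids,
             "username_and_password_leaked": leaked} for t in times]

# Constructed sample data; timestamps are seconds, IPs are documentation ranges.
SAMPLE = (
    _mk("198.51.100.7", range(0, 40, 5), [ATO_DETECTION_ID], True)    # 8 in 35 s
    + _mk("203.0.113.9", range(0, 90, 15), [ATO_DETECTION_ID], True)  # 6, spaced out
    + _mk("192.0.2.4", range(0, 10), [ATO_DETECTION_ID], False)       # not leaked
    + _mk("192.0.2.5", range(0, 10), [], True)                        # no ATO ID
)

if __name__ == "__main__":
    for ts, ip in requests_over_limit(SAMPLE):
        print(f"t={ts:>3}s  {ip}  exceeds {LIMIT} matching requests per minute")
```

Only requests that satisfy both conditions count toward the rate, so a busy client whose logins do not use leaked credentials is never flagged.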
Create a custom rule that challenges requests containing a previously leaked set of credentials (username and password).
Expression: If you use the Expression Builder, configure the following expression:
Field | Operator | Value |
---|---|---|
User and Password Leaked | equals | True |
If you use the Expression Editor, enter the following expression:
(cf.waf.credential_check.username_and_password_leaked)
Action: Managed Challenge