Configurations
Both Custom and Managed Lists are located in the account settings. Refer to Features by plan type for more information on plan eligibility.
Using a Custom List is an alternative to creating individual Firewall rules with long lists of IP addresses or other types of identifiers. They are easier to read and update, especially when they are used across many security rules. Lists are often used in conjunction with in-house or third party security feeds.
The following lists are managed by the Cloudflare team and are regularly updated.
| Display name | Name in expressions | Description |
|---|---|---|
| Cloudflare Open Proxies | cf.open_proxies | IP addresses of known open HTTP and SOCKS proxy endpoints, which are frequently used to launch attacks and hide attackers identity. |
| Cloudflare Anonymizers | cf.anonymizer | IP addresses of known anonymizers (Open SOCKS Proxies, VPNs, and TOR nodes). |
| Cloudflare VPNs1 | cf.vpn | IP addresses of known VPN servers. |
| Cloudflare Malware | cf.malware | IP addresses of known sources of malware. |
| Cloudflare Botnets, Command and Control Servers | cf.botnetcc | IP addresses of known botnet command-and-control servers. |
-
Cloudflare primarily detects VPN traffic that passes through our public resolver at 1.1.1.1. Additionally, Cloudflare can identify major VPNs based on their published IP addresses. Managed Lists for VPNs allow you to block these categories of detected VPNs. However, it’s important to clarify that Cloudflare does not detect and block all VPNs at this time. Cloudflare is continually working to improve our detection capabilities and expand our coverage to include a wider range of VPN services. ↩
Refer to Use lists in expressions to learn how to invoke a Managed List.