Skip to content

Managed Lists

Cloudflare provides Managed Lists you can use in rule expressions. These lists are regularly updated.

Managed IP Lists

Use Managed IP Lists to access Cloudflare’s IP threat intelligence.

Cloudflare provides the following Managed IP Lists:

Display nameName in expressionsDescription
Cloudflare Open Proxiescf.open_proxiesIP addresses of known open HTTP and SOCKS proxy endpoints, which are frequently used to launch attacks and hide attackers identity.
Cloudflare Anonymizerscf.anonymizerIP addresses of known anonymizers (Open SOCKS Proxies, VPNs, and TOR nodes).
Cloudflare VPNs1cf.vpnIP addresses of known VPN servers.
Cloudflare Malwarecf.malwareIP addresses of known sources of malware.
Cloudflare Botnets, Command and Control Serverscf.botnetccIP addresses of known botnet command-and-control servers.

Footnotes

  1. Cloudflare primarily detects VPN traffic that passes through our public resolver at 1.1.1.1. Additionally, Cloudflare can identify major VPNs based on their published IP addresses. Managed Lists for VPNs allow you to block these categories of detected VPNs. However, it’s important to clarify that Cloudflare does not detect and block all VPNs at this time. Cloudflare is continually working to improve our detection capabilities and expand our coverage to include a wider range of VPN services.