Managed Lists
Cloudflare provides Managed Lists you can use in rule expressions. These lists are regularly updated.
Use Managed IP Lists to access Cloudflare’s IP threat intelligence.
Cloudflare provides the following Managed IP Lists:
Display name | Name in expressions | Description |
---|---|---|
Cloudflare Open Proxies | cf.open_proxies | IP addresses of known open HTTP and SOCKS proxy endpoints, which are frequently used to launch attacks and hide attackers' identity. |
Cloudflare Anonymizers | cf.anonymizer | IP addresses of known anonymizers (Open SOCKS Proxies, VPNs, and TOR nodes). |
Cloudflare VPNs [1] | cf.vpn | IP addresses of known VPN servers. |
Cloudflare Malware | cf.malware | IP addresses of known sources of malware. |
Cloudflare Botnets, Command and Control Servers | cf.botnetcc | IP addresses of known botnet command-and-control servers. |

[1] Cloudflare primarily detects VPN traffic that passes through our public resolver at 1.1.1.1. Additionally, Cloudflare can identify major VPNs based on their published IP addresses. Managed Lists for VPNs allow you to block these categories of detected VPNs. However, Cloudflare does not detect and block all VPNs at this time. Cloudflare is continually working to improve our detection capabilities and expand our coverage to include a wider range of VPN services.