Cloudflare Zone Security Policy Comparison

Zones Compared

Common Rules

Total Deltas

17%

Consistency Score

Setting Differences

Zone Overview

cbre.com

Total security rules: 5

IP access rules: 2

Page rules: 0

Settings tracked: 7

WAF Custom Rules 3

WAF Managed Rules 1

Rate Limiting Rules 1

DDoS L7 Protection 0

Super Bot Fight Mode 0

cbre-facilities.com

Total security rules: 4

IP access rules: 2

Page rules: 0

Settings tracked: 7

WAF Custom Rules 3

WAF Managed Rules 1

Rate Limiting Rules 0

DDoS L7 Protection 0

Super Bot Fight Mode 0

cbre-investors.com

Total security rules: 3

IP access rules: 1

Page rules: 0

Settings tracked: 7

WAF Custom Rules 2

WAF Managed Rules 1

Rate Limiting Rules 0

DDoS L7 Protection 0

Super Bot Fight Mode 0

WAF Custom Rules

http_request_firewall_custom

cbre.com: 3 rulescbre-facilities.com: 3 rulescbre-investors.com: 2 rules

Identical (1) Divergent (1) Partial (0) Unique (2)

✅ Identical Across All Zones

block Enabled

Block known bad IP

ip.src in {1.2.3.4}

⚠️ Same Expression, Different Configuration

Expression: cf.bot_management.score lt 20

challenge Enabled cbre.com

Challenge low bot score

cf.bot_management.score lt 20

block Enabled cbre-facilities.com

Block low bot score

cf.bot_management.score lt 20

🔶 Zone-Specific Rules (Not in Other Zones)

cbre.com

managed_challenge Enabled

Protect admin

http.request.uri.path contains "/admin"

cbre-facilities.com

js_challenge Enabled

JS challenge China traffic

ip.geoip.country eq "CN"

WAF Managed Rules

http_request_firewall_managed

cbre.com: 1 rulescbre-facilities.com: 1 rulescbre-investors.com: 1 rules

Identical (1) Divergent (0) Partial (0) Unique (0)

✅ Identical Across All Zones

execute Enabled

Deploy OWASP Core Ruleset

true

Executes ruleset: efb7b8c949ac4650...

Rate Limiting Rules

http_ratelimit

cbre.com: 1 rulescbre-facilities.com: 0 rulescbre-investors.com: 0 rules

Identical (0) Divergent (0) Partial (0) Unique (1)

✅ Identical Across All Zones

No identical rules found across all zones.

🔶 Zone-Specific Rules (Not in Other Zones)

cbre.com

block Enabled

Rate limit login

http.request.uri.path eq "/api/login"

DDoS L7 Protection

ddos_l7

cbre.com: 0 rulescbre-facilities.com: 0 rulescbre-investors.com: 0 rules

Identical (0) Divergent (0) Partial (0) Unique (0)

✅ Identical Across All Zones

No identical rules found across all zones.

Super Bot Fight Mode

http_request_sbfm

cbre.com: 0 rulescbre-facilities.com: 0 rulescbre-investors.com: 0 rules

Identical (0) Divergent (0) Partial (0) Unique (0)

✅ Identical Across All Zones

No identical rules found across all zones.

Zone Security Settings

⚠️ Settings That Differ Between Zones

Setting	cbre.com	cbre-facilities.com	cbre-investors.com
browser_check	on	off	on
challenge_ttl	1800	3600	1800
min_tls_version	1.2	1.2	1.0
security_level	medium	high	medium
ssl	full	strict	full
tls_1_3	on	on	zrt

✅ Identical Settings

Show identical settings (1 items)

Setting	Value (all zones)
always_use_https	on

IP Access Rules

Common (1) Unique (2) Partial (0)

🔶 Zone-Specific IP Rules

cbre.com

block ip: 192.168.99.1 Known attacker

cbre-facilities.com

block ip: 5.6.7.8 Suspicious scanner

🛡️ Cloudflare Zone Security Policy Comparison

Zone Overview

cbre.com

cbre-facilities.com

cbre-investors.com

WAF Custom Rules

✅ Identical Across All Zones

⚠️ Same Expression, Different Configuration

🔶 Zone-Specific Rules (Not in Other Zones)

cbre.com

cbre-facilities.com

WAF Managed Rules

✅ Identical Across All Zones

Rate Limiting Rules

✅ Identical Across All Zones

🔶 Zone-Specific Rules (Not in Other Zones)

cbre.com

DDoS L7 Protection

✅ Identical Across All Zones

Super Bot Fight Mode

✅ Identical Across All Zones

Zone Security Settings

⚠️ Settings That Differ Between Zones

✅ Identical Settings

IP Access Rules

🔶 Zone-Specific IP Rules

cbre.com

cbre-facilities.com