◆ WAF Testing Environment

CloudSecure Demo Store

A purpose-built application for Cloudflare WAF testing, training, and live demonstrations

Login & Auth

SQLi detection, brute force protection, credential stuffing rules

Search & XSS

Reflected XSS, HTML injection, input sanitization rules

REST API

Rate limiting, schema validation, API shield testing

File Upload

Malicious payload upload detection and blocking

Admin Panel

Path-based access control, custom WAF rules

Reviews

Stored XSS and content injection vectors

Each page exercises specific Cloudflare WAF features. Use the navigation to explore each attack surface.
| Endpoint | WAF Features | Example Payload |
|---|---|---|
| `/login` | SQLi rules, brute force rate limiting | `' OR 1=1 --` |
| `/search` | Reflected XSS, HTML injection | `<script>alert(1)</script>` |
| `/products` | Parameter tampering, path traversal | `../../etc/passwd` |
| `/api/products` | Rate limiting, API abuse | Rapid repeated requests |
| `/upload` | Malicious file upload | PHP webshells, .exe files |
| `/admin` | Access control, IP restrictions | Custom rule blocking |
| `/reviews/:id` | Stored XSS, content injection | `<img onerror=alert(1)>` |