Cloudflare WAF โ Edge Security Track
WAF + Bot Management + DDoS + Zero Trust + API Shield. The whole Cloudflare security stack, hands-on.
Who Is This For
- Web / SRE / DevOps engineers protecting public apps
- WAF / WebSec engineers tired of legacy appliance WAFs
- Cloud security engineers building edge protection
- Architects deploying Zero Trust for SaaS & private apps
Prerequisites
- HTTP / HTTPS, DNS basics
- OWASP Top 10 awareness (we'll recap)
Full Syllabus โ 12 Modules
M 1Cloudflare Architecture & Anycast Network
- Anycast network, edge / origin model
- Plan tiers โ Free / Pro / Business / Enterprise
- Onboarding a domain, name-servers, DNSSEC
- Page Rules vs Rulesets (modern config)
M 2DNS, SSL/TLS & Origin Hardening
- Cloudflare DNS, CNAME flattening
- SSL modes โ Off / Flexible / Full / Full Strict
- Origin certificates, Authenticated Origin Pulls
- Argo Tunnel (Cloudflare Tunnel) for origin protection
M 3Cloudflare WAF โ Managed Rulesets
- WAF Managed Rules, Cloudflare OWASP Core Ruleset
- Sensitivity, action overrides
- Exposed credential checks
- Sanitizing false positives
M 4WAF โ Custom Rules & Rate Limiting
- Custom rule expressions (wirefilter)
- Rate Limiting rules, advanced response config
- Geo / ASN / threat-score targeting
- Logging custom fields
M 5DDoS Protection (L3 / L4 / L7)
- Built-in DDoS rulesets
- HTTP DDoS Attack Protection sensitivity
- L3 / L4 protection on Magic Transit / Spectrum
- Under Attack Mode & Challenge pages
M 6Bot Management
- Bot score, fight mode, JS detection
- Verified bots, super bot fight mode
- Turnstile (CAPTCHA replacement)
- Bot Analytics
M 7API Shield
- API discovery, schema validation
- JWT validation
- Sequence mitigation
- mTLS for API endpoints
M 8Cloudflare Access โ ZTNA
- Identity providers (Azure AD, Okta, Google)
- Application policies โ self-hosted, SaaS, private
- Service tokens for API automation
- WARP client basics
M 9Cloudflare Gateway โ SWG
- DNS, network and HTTP policies
- Identity-aware proxy, browser isolation
- Tunnel + Gateway + WARP combined
M 10Workers, Transform Rules & Logpush
- Workers basics for security routing
- Transform Rules โ request / response header rewrites
- Logpush to S3, GCS, SIEM
M 11Real-World Operations & Troubleshooting
- WAF false positives โ methodical tuning
- Origin offload / cache strategies
- Debug headers (cf-ray, cf-cache-status)
- Investigating attack waves with Firewall Events
M 12Cert Path & Interview Prep
- Cloudflare Certified credentials overview
- L2 / L3 WebSec interview question bank
- Real architecture review questions
What You Get
40 Hours
Live + recorded sessions for the entire Cloudflare stack.
Hands-on Labs
Cloudflare free tier โ you'll onboard a domain, deploy WAF, Access, Tunnel.
Real Case Studies
L7 DDoS mitigation, WAF false positive tuning, Bot management, API discovery.
Interview Q&A
L2 / L3 WebSec question bank.
Certificate
Techclick Infosec course completion certificate.
WhatsApp Group
Doubt-clearing batch group with the trainer.
Your Instructor
Trained by working senior cloud and network security engineers with 13+ years of hands-on enterprise experience across Palo Alto, Zscaler, Fortinet, F5, Cisco ISE, Cloudflare and large-scale deployments.
FAQ
Q 1Will I need to pay for Cloudflare?
No. The free tier covers most labs. Some Enterprise-only features (e.g., advanced Bot Management) we walk through in recorded admin demos.
Q 2Hands-on labs?
Yes โ you'll onboard a domain, build WAF rules, deploy Cloudflare Tunnel and Access on your own free account.
Q 3Vendor certification?
We map content to the Cloudflare Certified credentials and give a course completion certificate.
Q 4Duration and batch schedule?
About 40 hours over 5โ6 weeks. WhatsApp us for the next start date.
Q 5Placement help?
CV review and interview prep, not direct placement.
Defend the edge. Master Cloudflare.
Talk to us about the next batch.