Issue challenge for admin user in JWT claim based on attack score

This example configures additional protection for requests with a JSON Web Token (JWT) with a user claim of admin, based on the request's attack score.

Create a custom rule that issues a Managed Challenge if the user claim in a JWT is admin and the attack score is below 40.

Expression: (lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "user") eq "admin" and cf.waf.score < 40)
Action: Managed Challenge

In this example, <TOKEN_CONFIGURATION_ID> is your token configuration ID found in JWT Validation and user is the JWT claim.

Was this helpful?

Resources
API
New to Cloudflare?
Products
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

2025 Cloudflare, Inc.
Privacy Policy
Terms of Use
Report Security Issues
Trademark