April 3rd, 2026

New

Integration

Cloudflare Integrations — DNS Discovery and WAF Scanner Bypass

Two new Cloudflare integrations bring DNS asset discovery and automated WAF scanner bypass to the Praetorian Guard platform.

Cloudflare DNS — Zone and Record Discovery

  • Full Zone Enumeration — Discovers all Cloudflare zones accessible to your API token and imports A, AAAA, and CNAME DNS records as Guard assets

  • Automatic Pagination — Handles accounts with hundreds of zones and thousands of records without manual intervention

  • DNS Name Normalization — CNAME targets are normalized to consistent DNS format for accurate asset deduplication

Cloudflare WAF — Scanner Bypass Configuration

  • Automatic Bypass Rules — Creates custom WAF rules marked "(Managed by PGP)" that allow Guard scanner traffic through your Cloudflare firewall without triggering blocks

  • Dual Identification Modes — Static IP matching for environments with fixed egress, or combined IP + custom header + user agent identification for dynamic environments

  • Comprehensive WAF Skip — Bypass rules skip zone lockdown, UA blocking, browser integrity checks, hotlink protection, rate limiting, and managed firewall rulesets

  • Zone Filtering — Optionally specify which zones to configure, or leave empty to apply across all zones. Processes zones in parallel for fast setup

  • Idempotent Updates — Detects existing Chariot rules and only updates them when the configuration has changed, preventing duplicate rules
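Both identification modes described above include a source IP match, so a bypass rule that keys only on a header or user agent is broader than either mode. The audit below is an added example, not Praetorian's or Cloudflare's code: it checks an exported custom ruleset for skip rules carrying the "(Managed by PGP)" marker. The rule JSON shape, the mapping of the listed features to Cloudflare skip product names, and all sample values are assumptions.

```python
import re

MARKER = "(Managed by PGP)"  # description marker quoted in the release note
# Cloudflare skip "products" matching the features the note lists (assumed mapping).
EXPECTED = {"zoneLockdown", "uaBlock", "bic", "hot", "rateLimit", "waf"}
IP_CLAUSE = re.compile(r"\bip\.src\s+(?:eq|in)\b|\bip\.src\s*==")
OR_TOKEN = re.compile(r"\bor\b|\|\|")  # coarse: also matches "or" inside string literals


def audit_skip_rules(ruleset):
    """Return (rule_id, finding) pairs for managed skip rules that are too broad."""
    findings = []
    for rule in ruleset.get("rules", []):
        if rule.get("action") != "skip" or MARKER not in rule.get("description", ""):
            continue
        expr = rule.get("expression", "")
        if not IP_CLAUSE.search(expr):
            # Header and user agent are client-controlled; without ip.src anyone can send them.
            findings.append((rule["id"], "no ip.src constraint"))
        elif OR_TOKEN.search(expr):
            findings.append((rule["id"], "ip.src may be optional (or)"))
        extra = set(rule.get("action_parameters", {}).get("products", [])) - EXPECTED
        if extra:
            findings.append((rule["id"], "unexpected products: " + ",".join(sorted(extra))))
    return findings


def _rule(rule_id, expression, products=tuple(sorted(EXPECTED)), action="skip"):
    # Constructed sample rule in the shape of a Cloudflare custom-ruleset entry.
    return {"id": rule_id, "action": action, "expression": expression,
            "description": "Scanner bypass " + MARKER,
            "action_parameters": {"ruleset": "current", "products": list(products)}}


# Constructed sample data: documentation-range IPs, made-up header and user agent.
SAMPLE = {"phase": "http_request_firewall_custom", "rules": [
    _rule("r1", "ip.src in {192.0.2.10 192.0.2.11}"),
    _rule("r2", 'ip.src in {192.0.2.10} and http.user_agent eq "example-scanner" '
                'and any(http.request.headers["x-example-scan"][*] eq "constructed")'),
    _rule("r3", 'http.user_agent eq "example-scanner"', products=("waf", "securityLevel")),
    _rule("r4", 'ip.src in {192.0.2.10} or http.user_agent eq "example-scanner"'),
    _rule("r5", "ip.src eq 203.0.113.5", action="block"),
]}

if __name__ == "__main__":
    for rule_id, finding in audit_skip_rules(SAMPLE):
        print(rule_id, finding)
```

Run it against the JSON returned for each zone's custom firewall ruleset after the integration has been connected, and again after any manual rule edits.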

Get Started

  • Cloudflare DNS — Go to Integrations > Managed DNS Providers > Cloudflare DNS, then connect with your API token (requires zone and DNS read permissions)

  • Cloudflare WAF — Go to Integrations > Firewall > Cloudflare WAF, then connect with your API token (requires Account Rulesets Read, Zone WAF Edit, and Zone Settings Read permissions)

Documentation