Improving the dashboard experience of configuring and managing the Web Application Firewall

The Cloudflare Web Application Firewall (WAF) was updated during 2020, making it possible for customers to adjust the WAF to meet the specific requirements of their applciations. We updated the dashboard experience to reflect the new capabilities of the WAF.

Working methodoligiesBelonging to the Emerging Technologies and Incubation group at Cloudflare, the development process of WARP highly emphasised speed-to-market above all else. This was the definintion of a "fast-paced environment" — quickly producing development ready specs, clearly outlining any risks or assumptions, and making UX decisions based off of best practice.

    Platforms
  • Web browser
    Total App Installations
  • 15+ Million

Identifying the tasks customers are trying to complete

Cloudflare supports a range of customers — individual developers or hobbyists, small/medium-sized businesses where it’s common for a developer to fulfil multiple roles and responsibilities, through to large global enterprises where often there is an entire department dedicated to information security.

To help myself and other members of the product development team better empathise with our range of customers, we use a technique known as Job Stories to further decompose the problem we're solving. Job Stories, unlike user persona or user stories allow us to focus on the users situation, motivation, and desired outcome.

We conducted interviews with a handful of customers directly, but we also supplemented them by interviewing members of our Solutions Engineering team. They help customers configure Cloudflare to meet their requirements and therefore have a direct connection to multiple customers themselves. From the various interviews we identified the following job stories among many:

  • When onboarding with Cloudflare, I want to quickly turn on the WAF and use the default settings so I can proceed to configuring the rest of the Cloudflare features.
  • When refining and tuning the configuration of my zone, I only want to configure the rules I’m interested in so I can reduce the potential number of false positive results.

“I only want to configure the rules I’m interested in.”

To help myself and other members of the product development team better empathise with our range of customers, we use a technique known as Job Stories to further decompose the problem we're solving. Job Stories, unlike user persona or user stories allow us to focus on the users situation, motivation, and desired outcome.

Introducing new Dashboard capabilities

Tag management

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Morbi tincidunt ornare massa eget. Sem et tortor consequat id porta.

Bulk action

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Morbi tincidunt ornare massa eget. Sem et tortor consequat id porta.

The structure of the application

Simplifying the IA

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Morbi tincidunt ornare massa eget. Sem et tortor consequat id porta.

How we worked

A distributed team

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Morbi tincidunt ornare massa eget. Sem et tortor consequat id porta.

Multiple iterations

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Morbi tincidunt ornare massa eget. Sem et tortor consequat id porta.

To comply with my non-disclosure agreement, I have omitted and obfuscated confidential and proprietary information. The information in this case study is my own and does not necessarily reflect the views of Cloudflare.