Web Application Firewalls, including Cloudflare's WAF, can be an important part of securing internet facing applications. However, for them to be effectively implemented, a strong understanding of the rules being applied, their relevance to the application being protected, and how the WAF handles traffic is required.
As there are many different WAF vendors each with differing configuration options and considerations, it is not possible for Schoolbox to provide exact advise on how to configre your WAF. Indeed, due to continual updates both by Schoolbox, and your WAF vendor, any specific guides would become out of date almost immediately upon publication. However, as our knowledge of different considerations grows, these will be documented below for reference.