STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/waf/custom-rules/use-cases/check-jwt-claim-to-protect-admin-user/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/waf/custom-rules/use-cases/check-jwt-claim-to-protect-admin-user/. For this product's page index use https://developers.cloudflare.com/waf/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt. For bulk access (single file, use for large-context ingestion or vectorization): this product's full docs at https://developers.cloudflare.com/waf/llms-full.txt. All Cloudflare docs at https://developers.cloudflare.com/llms-full.txt.

Docs Directory APIs SDKs

Issue challenge for admin user in JWT claim based on attack score

This example configures additional protection for requests with a JSON Web Token (JWT) with a user claim of admin, based on the request's attack score.

Create a custom rule that issues a Managed Challenge if the user claim in a JWT is admin and the attack score is below 40.

When incoming requests match

Use the expression editor:
(lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "user") eq "admin" and cf.waf.score < 40)
Then take action: Managed Challenge

In this example, <TOKEN_CONFIGURATION_ID> is your token configuration ID found in JWT Validation and user is the JWT claim.