Step 1: Use the new Dashboard UI (note: it's also available in the old one but different UI)

Navigate to: Security > Settings > Web Attack exploits

Step 2.1 (optional): If needed, add a cf-llm endpoint

If no LLM endpoint has been discovered and you want to test, manually create one in API Shield/ web assets with the label cf-llm. For example:

Step 3: look at Security Analytics

In the new Security Analytics view:

You can filter traffic using the cf-llm label from Managed Endpoints Label. (only available in the new nav)

• You can filter traffic using the cf-llm label from Managed Endpoints Label. (only available in the new nav

• You'll see fields for detected PII prompt data and associated PII categories.
• You'll see more data if you expand the sampled logs > Request Analyses.

Step 4: test that it's working

You can memic sending a prompt using the following curl command (replace theburritobot.com/test_firewall_ai with your zone and endpoint):

Basic Prompt (Triggers first rule):

**curl -X POST "[http://theburritobot.com/test_firewall_ai](http://theburritobot.com/test_firewall_ai)" -d "Testing the log rule of prompt found"**

---

---

PII Prompt (Triggers all 3 rules):

**curl -X POST "[http://theburritobot.com/test_firewall_ai](http://theburritobot.com/test_firewall_ai)" -d "Testing the log rule of prompt found"**

---

Step 5: deploy mitigation

Adjust the log rules to take block action if you want to prevent certain prompts entirely (e.g., those containing PII).

Examples:

Block all prompts with PII

• Block all prompts with PII
• Block PII but allow specific categories (e.g., allow LOCATION)

How to test Firewall for AI feature