IT OPS
Cloudflare WAF Change Slack Approval Gate
Intercepts every proposed Cloudflare WAF ruleset edit, posts a diff to Slack for human sign-off, and only pushes the change to Cloudflare after an approver clicks Approve.
How it runs
The automated pipeline, trigger to output.
- TriggerProposed WAF rule change receivedHTTP webhook
- LogicFetch current ruleset and compute diffCloudflare
- ActionPost diff to Slack with Approve/Reject buttonsSlack
- LogicWait for approval decision and branch
- ActionApply ruleset update to CloudflareCloudflare
- OutputPost final result to Slack threadSlack
What it does
This workflow puts a human approval gate in front of Cloudflare WAF custom ruleset changes. When a proposed rule edit arrives via webhook, it renders a readable before/after diff, posts it to a Slack approvals channel with Approve/Reject buttons, and blocks the actual Cloudflare write until someone signs off.
When to use it
Use it when your team edits WAF rules directly in the dashboard or via API and you want a paper trail plus a second pair of eyes before anything touches production traffic. Ideal for teams under change-management or SOC 2 controls.
How it works
- 1A webhook receives the proposed ruleset payload (zone, ruleset ID, new expression).
- 2A logic step fetches the current ruleset from Cloudflare and computes a field-level diff.
- 3The diff and risk notes are posted to Slack with interactive Approve/Reject buttons.
- 4A logic gate waits for the button response and branches.
- 5On approval, the workflow calls Cloudflare to apply the ruleset update.
- 6The final outcome (applied or rejected, with the approver name) is posted back to the Slack thread.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
- 3Connect SlackChannels, DMs, threads, mentions.
- 4Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 5Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 6Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More IT Ops workflows
Outlook Room Conflict Resolver with Approval Gate in Teams
When an Outlook room clashes, proposes a rebooking and asks the bumped meeting's organizer to approve the move in Microsoft Teams before any change is made.
Outlook Room Double-Booking Resolver with Auto-Rebook
Detects when two meetings claim the same Outlook room resource and automatically relocates the lower-priority meeting to a comparable free room.
Self-Service Reclaim Email for Idle Users
Detects users idle in a SaaS app past the threshold and emails each one a keep-or-release link; unanswered seats after the deadline are auto-flagged for removal.
Reconcile SSO logins against expense spend to find unmanaged tools
Joins SSO usage data with expense/payment records in Snowflake to surface tools that are being used but not paid for, or paid for but never logged.
Indoor Air Quality Breach to Tenant Notice and Work Order
Listens for CO2, VOC, or humidity sensor alerts via webhook, and when a zone exceeds occupant-safety limits it emails affected tenants, opens a Monday remediation task.
Daily Building Anomaly Digest to MS Teams
Each morning queries BigQuery for the prior day's flagged sensor anomalies, summarizes them by site and system into a ranked briefing.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.