What are the key configuration differences between Cloudflare WAF rules and DDoS mitigation rules?

WAF rules are configured to target specific application-layer attacks, often using rulesets and custom rules to inspect request parameters and payloads. DDoS mitigation rules are configured to manage traffic volume, rate limits, and apply challenge responses based on various traffic characteristics, such as source IP address, request frequency, and more holistic behavior patterns to identify and mitigate attacks.