Attacks not being stopped by the WAF


I have seen a number of attacks that seem to pass through the cloudflare WAF but are being stopped by our insite WAF. The latest was the WordPress Filemanager vulnerability. Is this normal? Is there anyway to create custom WAF rules?


How about a Firewall Rule? If you’re not using that plugin, than block any requests with it in the path.


Both set as log/simulate. Change those rules to suit your requirement.

Thank you for the responses. I shall investigate those beta rules and possibly the firewall rule.

This topic was automatically closed after 30 days. New replies are no longer allowed.