We have some questions regarding Cloudflare OWASP Core Ruleset configuration.
First, what are the recommended and most common configurations?
Next, for the following 2 settings:
OWASPE Anomaly Score - Is “Low - 60 or higher” or “High - 25 and higher” the least strict?
OWASP Paranoia Level - Is PL1 or PL4 the least strict?
First, what are the recommended and most common configurations?
We’d like to assist, but there is no one size fits all solution for using Cloudflare. Each domain has a different set of requirements based on its framework, content and usage patterns. The default settings we use for each domain are the best catch-all settings we’re able to provide.
Next, for the following 2 settings:
OWASPE Anomaly Score - Is “Low - 60 or higher” or “High - 25 and higher” the least strict?
For OWASP Anomaly Score: “Low - 60 or higher” is the least strict. This means any OWASP rules violations are allowed until the cumulative score reaches 60.
OWASP Paranoia Level - Is PL1 or PL4 the least strict?
For OWASP Paranoia Level: PL1 is the least strict.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.