I am currently operating a standard WordPress blog as a news publication.
Looking at the Cloudflare Specials ruleset in the WAF, I have noticed quite a few rules that are not turned on by default.
I understand some don't apply to me because they are for a different CMS. However, I would like to list some of these (that are not turned on by default) and request some advice regarding whether I can/should turn these on (Block).
These are:
Drupal, Wordpress - DoS - XMLRPC - CVE:CVE-2014-5265, CVE:CVE-2014-5266, CVE:CVE-2014-5267
Wordpress - DoS - CVE:CVE-2018-6389
Wordpress - REST API - Invalid Post ID - Body
Wordpress - REST API - Invalid Post ID - Rest Route
Anomaly:Body - Large
Anomaly:Body - ReGeorg webshell
Anomaly:Header:Accept - Invalid
Anomaly:Header, Anomaly:URL - Invalid UTF-8 Encoding - All
Anomaly:Header:Content-Type
Anomaly:Header:Content-Type - Missing
Anomaly:Header:User-Agent, Anomaly:Header:Referer - Missing or empty
Anomaly:Header:User-Agent - Empty
Anomaly:Method - Unknown HTTP Method
Anomaly:Method - Unusual HTTP Method
Anomaly:URL:Path - Multiple Slashes, Relative Paths, CR
Anomaly:URL:Query String - Multiple Slashes, Relative Paths, CR, LF or NULL
Anomaly:URL:Query String - Relative Paths
Apache HTTP Server - Server-Side Includes
Apache Struts - Code Injection - CVE:CVE-2018-11776
Command Injection - Sleep
File Inclusion - Double Slash Path
jQuery File Upload - Dangerous File Upload - Backdoor
PHP - Anomaly:Header, Anomaly:URL - NULL Byte - CVE:CVE-2020-7066
PHP - Code Injection
SQLi - Ending Comment
XSS, HTML Injection
XSS, HTML Injection - Data URI
XSS, HTML Injection - IFrame Tag and Src Attribute
XSS, HTML Injection - Object Tag
Anomaly:Header:Accept - Missing or Empty
Anomaly:Header:Content-Length - Missing in POST
Anomaly:Header:X-Forwarded-Host
Apache JXPath Library - Code Injection - CVE:CVE-2022-41852
Template Injection
Noted:
- I have left many out (they don't apply to me, I think).
- There were also some options, such as XSS, HTML Injection, that show up more than once but with a different rule ID, e.g.:
XSS, HTML Injection
b910aec795a44492b783da68301de41f
XSS, HTML Injection
882b37d6bd5f4bf2a3cdb374d503ded0
As above, I was not able to look up what the difference was between these two, and there is nothing to reference 882b37d6bd5f4bf2a3cdb374d503ded0, for example.
About my WordPress site:
Standard blog
No users
Wordfence
Google News req RSS
No sales or other services
Uses an external backup system
cPanel shared hosting with security measures and modsec enabled
Does nothing else special