Bypass WAF rule - Inbound Anomaly Score Exceeded

Hi Team,
How to bypass below WAF rule for specific URL.
Rule ID : OWASP Block (981176)
Rule message: Inbound Anomaly Score Exceeded
Rule group: OWASP Inbound Blocking

There are bunch of suggestions in the search results:

We currently have an issue with the ‘Inbound Anomaly Score Exceeded’ that we are unable to Bypass in the new WAF (The new WAF, under Managed Rules of the Filewall you see both ‘Cloudflare OWASP Core Ruleset’ and ‘Cloudflare Managed Ruleset’).

From what I understand you should be able to create a firewall rule to ‘Bypass’ the ‘WAF Managed Rules’ based on URI etc however there is a known issue where it does not work. I can see the firewall contains a log for both Bypass and Block.

Feedback from support was “Our Engineering and Product team are currently working on deploying the capacity to bypass the new WAF the same way as the old one. This should be available in the coming weeks.”

Hope that helps.


Any idea if there will there be an announcement anywhere when that ability is working again?

At my request, one of my domains was moved to the new Managed Firewall a couple of days ago (to take advantage of the new Account Takeover protection).

One of the warnings I received - and had to accept before having the change done - is that the BYPASS option is still not available for now.

Would be nice if there was something we could follow for this to know when it is resolved. I can see in our firewall logs that we are still getting both blocked + bypass in the logs.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.