I’m trying to make some changes on my site since upgrading to the Cloudflare pro plan but i can see in the WAF event history that the path /wp-admin/admin-ajax.php is being blocked by the managed ruleset “Cloudflare OWASP Core Ruleset”.
If i disable this ruleset i can successfully save changes on the site.
I tried reducing he anomaly score & the paranoia level to the minimum but i still get the same issue of being unable to save changes on the site.
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).
The other way would be to Override the specific rule.
Kindly, may I ask you to share the rule ID or Ruleset ID here with us?