I’m trying to make some changes on my site since upgrading to the Cloudflare pro plan but i can see in the WAF event history that the path /wp-admin/admin-ajax.php is being blocked by the managed ruleset “Cloudflare OWASP Core Ruleset”.
If i disable this ruleset i can successfully save changes on the site.
I tried reducing he anomaly score & the paranoia level to the minimum but i still get the same issue of being unable to save changes on the site.
How can i fix this? What rule must i add?
May I ask what priority you’ve got selected? 
Ou, a bit strange out there. I don’t have any issues on multiple paid zones using WP.
May I ask if the request come from your origin host/server, or rather you as the “user/admin”?
Not sure why it happens, however just in case, since it’s related to the WordPress, I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).
The other way would be to Override the specific rule.
Kindly, may I ask you to share the rule ID or Ruleset ID here with us?
Hi fritex, thanks for your reply!
The priority is second under the Cloudflare managed ruleset, this was the default setting.
The request is coming from my ip as the user/admin.
I have set the ip access rule as per your suggestion but still having the same issue.
The details are below if you can provide any further insights or suggestions?
** Service*
Managed rules
** Action taken*
Managed Challenge
** * Ruleset*
Cloudflare OWASP Core Ruleset
…c25d2f1f
949110: Inbound Anomaly Score Exceeded
…843b323c
** OWASP score*
111
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.