Cloudflare WAF False Positives

system · April 1, 2025, 5:15pm

Apr 1, 19:42 UTC
Resolved - This issue is now resolved.

Apr 1, 17:31 UTC
Monitoring - We have disabled the rule in question, and the rate of false positives is decreasing. We are monitoring.

Apr 1, 17:03 UTC
Identified - Cloudflare has identified an issue with the managed ruleset "Apache Camel - Remote Code Execution - CVE:CVE-2025-29891" which is potentially causing false positives. Customers can disable this rule by setting Action -> Log in the Cloudflare Dashboard. Other WAF rules are unaffected. We are currently working on a fix for this issue.

This is a companion discussion topic for the original entry at https://www.cloudflarestatus.com/incidents/gshczn1wxh74

system · April 2, 2025, 5:16pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare WAF Managed Rule issue Cloudflare Status	1	43	September 12, 2024
CVE-2021-44228 - Log4j RCE 0-day mitigation Security Blog , Log4J	11	4694	December 29, 2021
Waf client - how do we know if we are a waf client? Security	3	2573	December 14, 2021
Question About New WordPress Vulnerabilities (CVEs) Security	2	1114	February 6, 2023
Understanding WAF 100173 causes to troubleshoot possible false positive Security	3	5031	June 11, 2020

Cloudflare WAF False Positives

Related topics