Cloudflare WAF not blocking certain sql injection syntax

when i type admin’ OR ‘1’='1 in the username section of any of the login forms of the web sites that are behind Cloudflare WAF, it doesn’t trigger “Sorry you have been blocked” page and it doesn’t appear in WAF event logs .

I’m using Cloudflare pro subscription and i don’t have any exception rules in WAF settings.

What are the possible reasons for this ?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.