Hello
I am looking at my OWASP ruleset, and there is so much in there. I was wondering if the default settings out of the box for the Cloudflare Pro accounts are already set to the recommended settings?
Going through them all, I have noticed many are set to disabled and not blocking anything. While attempting to look up each one via the ID, for example:
WP0015 Wordpress - XSS - CVE:CVE-2015-3440 Cloudflare WordPress Disable (This option is disabled) - I have searched for it on Cloudflare and it brings me to a very confusing page. One of them in my chain of search is
2020-04-27 · Cloudflare Web Application Firewall (WAF) docs
So, what I am trying to do is search each number, e.g. WP0015, to try and learn about each one, what it does, and if I should turn it on. However, many do say deprecated (is this because a new rule now supersedes it?)
There are quite a few turned off (disabled); some seem obvious to keep off. But many give me no or conflicting information in the Cloudflare help pages.
Where can I go on Cloudflare to look up each one correctly?
Another example: this one by default is actually turned off (disabled): Wordpress - DoS - XMLRPC
I'm pretty sure I have seen in many other places that an attack can happen on this. So I am thinking this should be turned on. However, I'm a little confused why this is turned off by default.