Do you keep OWASP always enabled?


I would like to create a poll on how many people keep OWASP enabled universally.


I vote for 8,368 people. My guess is probably a little on the low side.


Is there any way to create a POLL here?


Are you looking for assistance regarding the WAF? I’m quite sure a poll on feature usage isn’t going to net accurate results.

When I enable owasp, my traffic drop 40%. So I always remain confuse about enabling owasp. I just want to know if this feature is used widely. I rarely get any block in firewall when I enable owasp.

Where are you measuring this traffic?

If OWASP is blocking requests, you should see those in the Firewall Events Activity Log.

1 Like

thats the confusing part. My traffic always drop in google analytics but there is no log in cloudflare.

May I ask have you looked “users”, “sessions” or “page views” for the metric?

Maybe it’s the “Bot Fight Mode” option, kindly check this.

1 Like

It’s Friday night in the US and I am 5 beers in. So I will rephrase the question and answer it.

How many of you have a new freckle on your left testicle this year?

Exclude > 50% as not having a (left) testicle. Add 40% of the remainder who don’t track it, are too hairy to track or have poor short term memory.

Of the remainder… how many have a dermatologist who tracks their growths and is able to understand and interpret the risks?

If you are running regular SAST, IAST, DAST you will understand your risk and exposure for each release. Add in the value of the data potentially exposed and the maturity of your teams and other defense in depth strategies and you have a baseline for the level of OSASP filtering that might be appropriate for the risk tolerance of your organization/ testicle.

Personally I run crazy high security on assets I don’t understand/ can’t test well/ don’t really care about because there is little downside. For the rest :man_shrugging: it depends


FWIW I know @sandro will ask offline…… no, no new freckles for me. I appreciate the concern though. :joy:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.