False positive managed challenge

A customer of ours is being challenged on each request. I can find examples in the firewall events and so know which ruleId and ruleset they are falling foul of. What I need to be able to do is find out what those rules are so that I can let them know why it is happening and if there is anything they can do about it.
Is this possible?

Yes you can navigate to Security → Events, you should see all Firewall Events. You can filter it down to the request you’re talking about, then expand it in the Activity log. You will then be able to see the service, ruleset, and rule, and action taken.

Here’s an example of a Managed Challenge rule I made for myself, that displays a managed challenge for Australian visitors:

Thanks, yes, that’s where I am able to find the IDs of the ruleset and rule. What I need to know is what the rule is. Given the rule ID, how can I see the rule body?

You can use the API

Or, if you want to see it in the dash you could look under Security → WAF

Thanks, yes, that’s where I am able to find the IDs of the ruleset and rule. What I need to know is what the rule is. Given the rule ID, how can I see the rule body?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.