I recently enabled WAF and we are getting a lot of these hits:
Rule: 100043A/100043B - Anomaly:Header:User-Agent
Group: Cloudflare Specials
Match Triggered: REQUEST_HEADERS:HOST
The website runs on Wordpress so I enabled the Cloudflare Wordpress and Cloudflare Specials managed rulesets. I’m afraid these are false positives but it’s not clear to me what these rules do or what it looks for. What would be the risk if I disabled them? Is it common that about 75% of the events are these two rules?