I have some pages on my Intranet that are getting blocked by the WAF because the URL has a SQL query in it. I am trying to exempt certain pages from being blocked like this: (http.request.uri.path contains "/intranet/mail/") and then choose action Allow.

However, the pages are still getting blocked when a SQL statement is in the URL.

What am I doing wrong, or am I misunderstanding something?


Cloudflare first evaluates firewall rules and subsequently WAF rules; there is a chance the “allow” won’t affect WAF. Maybe @alexcf could clarify that.

Yes, unfortunately at the moment the WAF and Firewall Rules are “standalone”, however we’ll be working to consolidate these in the near term. There isn’t really a great way to avoid that from being blocked.

Ok that explains it, thanks! It would be nice to be able to turn off the WAF for certain website areas, like Intranets.

