How can i block those attacks ?
i want its take this Action BLOCK
It already blocked still log/simulate
It might take up to 30 minutes for the new logs to ingest.
its 4 months now but not that new attacks not blocked this, just log/simulate
I’m on mobile and can’t dig around, but it’s possible that the specific rule number isn’t set to block.
so can you tell me how to set to block.
The specific rule is only On/Off.
Sorry, I don’t have an idea about this too. You might need to contact Cloudflare Support.
To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.
Please do not create multiple threads.
Please post a screenshot of this section of Firewall → Managed Rules
I want to block them not challenge sir
The “OWASP ModSecurity Core Rule Set” is based on scoring system - the higher the score, more likely it’s an attack. This is why you are given the option to choose the sensitivity of the rule set (Low, Medium and High).
The “Additional logs” are contributing to the scoring system - if the traffic matches any of the OWASP rules, they will log it, but the final score will be calculated based on the logged items - which determines whether to block the traffic or not.
So that means they are blocked or what? but why they not show blocked in Additional logs but it shows BLOCKED in Action Taken.
Please read this again. The “Additional logs” are what determine the final action. This is the reason why the “Additional logs” are included in the firewall event. If the final action is Block, then the traffic is blocked.
If you still don’t understand, I guess I have to ask someone from Cloudflare @mdemoura to explain it in very detail.
I’m still don’t understand, so can someone get explain me thank you.
Hi @sahill, can you provide a new screenshot of a recent Firewall event? We’ve recently made some improvements to how the OWASP CRS ruleset is logged so it’s best to explain with a newer example to the one you initially posted.
@mdemoura hello sir can you explain to me now why they do not block Additional Logs why it’s doing Log/Simulate.