How to do Log/Simulate into Block

sahill · February 24, 2021, 1:30pm

How can i block those attacks ?

i want its take this Action BLOCK

explain me

erictung · February 24, 2021, 6:07pm

Scroll down…

sahill · February 24, 2021, 6:07pm

It already blocked still log/simulate

Judge · February 24, 2021, 6:18pm

It might take up to 30 minutes for the new logs to ingest.

sahill · February 24, 2021, 6:31pm

its 4 months now but not that new attacks not blocked this, just log/simulate

sdayman · February 24, 2021, 7:39pm

I’m on mobile and can’t dig around, but it’s possible that the specific rule number isn’t set to block.

sahill · February 24, 2021, 9:29pm

so can you tell me how to set to block.

erictung · February 25, 2021, 1:43am

The specific rule is only On/Off.

erictung · February 25, 2021, 1:43am

Sorry, I don’t have an idea about this too. You might need to contact Cloudflare Support.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

sahill · February 28, 2021, 6:09am

Why they are not blocked in Additional logs ??

Judge · February 28, 2021, 6:10am

Please do not create multiple threads.

Please post a screenshot of this section of Firewall → Managed Rules

sahill · February 28, 2021, 6:25am

I want to block them not challenge sir

sahill · February 28, 2021, 6:27am

here its

erictung · February 28, 2021, 6:46am

The “OWASP ModSecurity Core Rule Set” is based on scoring system - the higher the score, more likely it’s an attack. This is why you are given the option to choose the sensitivity of the rule set (Low, Medium and High).

The “Additional logs” are contributing to the scoring system - if the traffic matches any of the OWASP rules, they will log it, but the final score will be calculated based on the logged items - which determines whether to block the traffic or not.

sahill · February 28, 2021, 7:27am

So that means they are blocked or what? but why they not show blocked in Additional logs but it shows BLOCKED in Action Taken.

erictung · February 28, 2021, 9:57am

Please read this again. The “Additional logs” are what determine the final action. This is the reason why the “Additional logs” are included in the firewall event. If the final action is Block, then the traffic is blocked.

If you still don’t understand, I guess I have to ask someone from Cloudflare @mdemoura to explain it in very detail.

sahill · March 4, 2021, 1:40pm

I’m still don’t understand, so can someone get explain me thank you.

mdemoura · March 9, 2021, 7:40pm

Hi @sahill, can you provide a new screenshot of a recent Firewall event? We’ve recently made some improvements to how the OWASP CRS ruleset is logged so it’s best to explain with a newer example to the one you initially posted.

sahill · March 10, 2021, 5:20am

See the…

sahill · March 10, 2021, 11:18am

@mdemoura hello sir can you explain to me now why they do not block Additional Logs why it’s doing Log/Simulate.