Hi,
We have the same problem as this user: How to Resolve this Cloudflare Ray ID: 7d3eb086eedab98e
How can we resolve this block? Our server hosts said this is specifically a blockage on Cloudflare’s side, and the thread above says we should check our Firewall logs to discover the error. But where can I check Firewall logs for the domain on CF?
Previously I was able to filter the Ray ID, and it mentioned a block related to a WordPress plugin called Yoast. I disabled this plugin but it made no difference, hence we are looking on here. Additionally, the block now seems to be triggered by any IP we try this from.
Any help greatly appreciated,
Best,
David
Thanks Laudian, that’s a big help!
So when I look at the events for the website in question, I see the blocks for the query each time. But how can I troubleshoot this? It shows as follows:
Ruleset: Cloudflare Managed Log4J Ruleset: 77454fe2d30c4220b5701f6fdfb893ba
Rule: Wordpress:Plugin:Yoast SEO - SQLi - CVE:CVE-2015-2292
As the Rule shows the ‘Yoast’ WordPress plugin, I tried removing that from the website; however, following this the same Ruleset/Rule data is supplied for the subsequent block. Which is odd, but I suppose there is still something related to Yoast in the database or something? In any case I’m not sure how to proceed from here.
If anyone has any ideas it is greatly appreciated, we have end users wanting to remove Cloudflare entirely because of this, but of course I am very much wanting to avoid doing anything like that, pointing out the overall benefits etc!
Best regards,
David
Hi,
To be clear, the Yoast plugin’s name appears in the rule name because it’s aimed at preventing requests that target a past vulnerability of that plugin. You do not need to remove the plugin. Even if you do, malicious requests which Cloudflare’s WAF understands to be targeting that vulnerability will be blocked. If the rule is causing false positives, that is, legitimate requests are being blocked, you can create an Exception for that WAF rule and any other in similar circumstances.
1 Like
Thank you cbrandt, that’s a great help. So following the WAF exceptions link, I have gotten to this point:
Add a WAF exception in the dashboard
1. Go to the zone or account dashboard page
To add a WAF exception at the zone level:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > WAF > Managed rules.
- Select Add exception.
From this page: Add a WAF exception in the dashboard · Cloudflare Web Application Firewall (WAF) docs
But on the dashboard under managed rules, we see this message: "Managed rules
Free customers are receiving protection from the Cloudflare Free Managed Ruleset today. Upgrade to receive more comprehensive protection, the full set of Cloudflare managed rules and firewall analytics."
So am I understanding correctly that the exception we need to apply can only be done on paid accounts, not on Cloudflare free tier?
Apologies that these are such basic questions, but this issue is very odd for us and we will likely have to move this site from Cloudflare if it proves to be this complex. I believe the one page that is causing this issue is tied to a very specific WordPress plugin, so perhaps that is in some way at fault, somehow.
Thanks in advance for any help.
Best,
David
That’s not what Cloudflare promised over a year ago:
Deploying and configuring
For all new FREE zones, the ruleset will be automatically deployed. The rules are battle tested across the Cloudflare network and are safe to deploy on most applications out of the box. Customers can, in any case, configure the ruleset further by:
- Overriding all rules to LOG or other action.
- Overriding specific rules only to LOG or other action.
- Completely disabling the ruleset or any specific rule.
All options are easily accessible via the dashboard, but can also be performed via API. Documentation on how to configure the ruleset, once it is available in the UI, will be found on our developer site.
From: WAF for everyone: protecting the web from high severity vulnerabilities
But it seems that the WAF exception for Free Plan users wasn’t ever implemented, as far as I can see, at least not on the Dashboard.
Which leaves us with the API. I haven’t tried it, but hopefully someone else from this Community with experience in configuring Rulesets via Cloudflare API may provide you further help, if needed.
1 Like
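An added example (not from any post in this thread and not Cloudflare's own code) of the API route mentioned above: it builds, without sending, a Rulesets API request whose skip rule exempts one managed rule on one page only, so the rule keeps protecting the rest of the site. Assumptions: the zone ID, rule ID, host and path are constructed placeholders, the zone's entry point holds no other rules, and nothing in the thread confirms that the Free plan accepts this request.

```python
import json
import re

API = "https://api.cloudflare.com/client/v4"
PHASE = "http_request_firewall_managed"  # phase where managed WAF rulesets run
HEX32 = re.compile(r"[0-9a-f]{32}")

# Ruleset ID as shown in the blocked event quoted in this thread.
RULESET_ID = "77454fe2d30c4220b5701f6fdfb893ba"
# Placeholders (constructed): the thread gives neither the zone ID nor the rule ID.
ZONE_ID = "0" * 32
RULE_ID = "f" * 32


def build_exception(zone_id, ruleset_id, rule_ids, host, path):
    """Return (method, url, body) for a skip rule limited to one host and path."""
    if not rule_ids:
        raise ValueError("list the rule IDs to skip; do not skip the whole ruleset")
    for value in (zone_id, ruleset_id, *rule_ids):
        if not HEX32.fullmatch(value):
            raise ValueError(f"not a 32-character hex ID: {value!r}")
    if not re.fullmatch(r"[a-z0-9.-]+", host):
        raise ValueError(f"unexpected characters in host: {host!r}")
    # Refuse "/" and anything that would need escaping inside the quoted literal.
    if not re.fullmatch(r"/[A-Za-z0-9/_.-]+", path):
        raise ValueError(f"give one specific, plain path: {path!r}")
    skip = {
        "action": "skip",
        "action_parameters": {"rules": {ruleset_id: list(rule_ids)}},
        "expression": f'(http.host eq "{host}" and http.request.uri.path eq "{path}")',
        "description": "Skip one managed rule for one page (false positive)",
    }
    execute = {
        "action": "execute",
        "action_parameters": {"id": ruleset_id},
        "expression": "true",
        "description": "Run the managed ruleset for everything else",
    }
    # Order matters: the skip rule has to come before the rule that runs the ruleset.
    # PUT replaces the entry point's whole rule list, so include any rules to keep.
    url = f"{API}/zones/{zone_id}/rulesets/phases/{PHASE}/entrypoint"
    return "PUT", url, {"rules": [skip, execute]}


if __name__ == "__main__":
    method, url, body = build_exception(
        ZONE_ID, RULESET_ID, [RULE_ID], "example.com", "/members/report")
    print(method, url)
    print(json.dumps(body, indent=2))
```

To apply it, send the printed body to the printed URL with an `Authorization: Bearer <API token>` header, after replacing the placeholders with the zone ID and the rule ID shown for the blocked event.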