Identify the exact managed rule


I’m trying to pin down a manage rule in the Cloudflare firewall that restricts logging in with certain passwords. The message is “XSS, HTML Injection - Script Tag”, Rule ID 100173 and it’s part of the Managed Rules.
Any ideas how I can get to it and if there’s any way I can understand how the rule actually works?

There’s a similar topic here WAF Managed Rulesets - Can I see the settings behind the rule?. Unfortunately there’s no answer.

Our issue is that the Cloudflare firewall steps in only when the user tries to log in and not when he changes the password, so we’d like to understand how Cloudflare filters this so that we know what needs adjusting.


May I ask which Cloudflare plan are you using? :thinking:

Good question :+1:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.