I’m trying to pin down a managed rule in the Cloudflare firewall that restricts logging in with certain passwords. The message is “XSS, HTML Injection - Script Tag”, Rule ID 100173, and it’s part of the Managed Rules.
Any ideas how I can get to it and if there’s any way I can understand how the rule actually works?

There’s a similar topic here: “WAF Managed Rulesets - Can I see the settings behind the rule?”. Unfortunately there’s no answer.

Our issue is that the Cloudflare firewall steps in only when the user tries to log in and not when he changes the password, so we’d like to understand how Cloudflare filters this so that we know what needs adjusting.


May I ask which Cloudflare plan you are using? :thinking:

Good question :+1:

