we’ve implemented an exclusion rule for the directory where the CSS files reside “/Content”
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
not consistent -
We’re currently facing a challenge with our WAF implementation that’s causing issues with our CSS and, in some cases, JavaScript. To mitigate the problem, we’ve implemented an exclusion rule for the directory where the CSS files reside “/content”, but we haven’t applied the same rule for JavaScript yet. In some instances the CSS is still broken (no styling) even with the exclusion.
Has anyone else experienced similar issues with their WAF breaking site styles or scripts? Should we be considering exclusions for JavaScript as well? I’d appreciate any insights or recommendations on how you’ve resolved similar problems.
If you are having issues with false positives, I would suggest checking your security events and the activity log on the bottom should tell you why a specific request was blocked/challenged by the Cloudflare WAF. This will allow you to understand why certain requests are still getting blocked even though you have implemented a skip rule. For more information on Security events I suggest taking a look at this document:
Hi,
Thank you for your response. It appears that a rate-limiting rule is impacting the user when calling the CSS file: /Content/PointBroadbandEZPay.min.css.
That said, we already have a WAF exclusion for the /Content directory.
Additionally, the challenge is occurring as the user navigates between screens. Could this be related to the rate-limiting rule? Is it possible to add exclusions for the root directory / to resolve this issue?
I look forward to your feedback.
Best regards,
Barnard.