Issues with WAF Breaking CSS and JavaScript

What is the name of the domain?

What is the error message?

N/A

What is the issue you’re encountering

Issues with WAF Breaking CSS and JavaScript

What steps have you taken to resolve the issue?

we’ve implemented an exclusion rule for the directory where the CSS files reside “/Content”

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

not consistent -
We’re currently facing a challenge with our WAF implementation that’s causing issues with our CSS and, in some cases, JavaScript. To mitigate the problem, we’ve implemented an exclusion rule for the directory where the CSS files reside “/content”, but we haven’t applied the same rule for JavaScript yet. In some instances the CSS is still broken (no styling) even with the exclusion.

Has anyone else experienced similar issues with their WAF breaking site styles or scripts? Should we be considering exclusions for JavaScript as well? I’d appreciate any insights or recommendations on how you’ve resolved similar problems.

Thanks in advance! Barnard

Hey there,

If you are having issues with false positives, I would suggest checking your security events and the activity log on the bottom should tell you why a specific request was blocked/challenged by the Cloudflare WAF. This will allow you to understand why certain requests are still getting blocked even though you have implemented a skip rule. For more information on Security events I suggest taking a look at this document:

1 Like

Hi,
Thank you for your response. It appears that a rate-limiting rule is impacting the user when calling the CSS file:
/Content/PointBroadbandEZPay.min.css.
That said, we already have a WAF exclusion for the /Content directory.
Additionally, the challenge is occurring as the user navigates between screens. Could this be related to the rate-limiting rule? Is it possible to add exclusions for the root directory / to resolve this issue?
I look forward to your feedback.
Best regards,
Barnard.