JIRA WAF rules


#1

I currently have the entire WAF platform in ‘Simulate’ mode, while on-boarding JIRA. Unfortunately, the JIRA core, and the commercial modules we use, are an abysmal wreck of OWASP and CF Special rule violations. Without Enterprise Log Share (ELS) API, analyzing WAF hits is extremely arduous, I’ve spent numerous hours over the past 4 days, looking at firewall log entries, to create page rules.

Has anyone created recent guidelines for getting JIRA to work without setting OWASP to ‘Low’?


#2

Sorry for the delays, but this is probably something that will need to be submitted to our support engineers. You can do so by emailing supporet[at]cloudflare[dot]com.