Legitimate traffic hitting XSS - Javascript Events block 100135B

As of this week we had quite a few users' requests being blocked due to them being caught by the 100135B filter on the firewall rules. We found this through customer reports to CX, so it is a block affecting users and not just a spike in bot traffic. We temporarily shifted the action to be “challenge” rather than block (so our customers can proceed to the site), but we would like to understand better what we might be doing wrong.

Could we get more information as to what rule 100135B covers?
Could we get the number of challenges that have been passed? (that would be a good proxy to estimate effect on users)

Part of CF specials, Improve XSS detection. I doubt you will get much more information than that. If it’s causing false positives, consider filing a bug report and posting the ticket # in here; however, the odds are that you will have to disable that rule as it’s a false positive and not a bug.
