Managed Rule keeps blocking photos

PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload managed rule keeps blocking random photo uploads.

I don’t want to turn it off, but maybe force to as customers keep complaining and Cloudflare doesn’t provide any information more than PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload. The rule is 0f2da91cec674eb58006929e824b817c.

Thanks

When you say you don’t want to shut it off, do you mean the entire managed ruleset? Or that you don’t know how to shut off that individual rule?

If you want to shut off that individual rule (and you’re sure you feel it’s safe) you can do so while leaving the rest of the managed rules enabled. In your dashboard, go to the WAF managed rules tab and click Cloudflare Managed Ruleset. Near the bottom, click “Browse rules”. Paste that rule ID into the search box and click Search. Now you can disable that individual rule or change the action taken from it, without affecting the rest of the managed ruleset.

2 Likes

Thank you. I am looking to know if anyone has any thoughts on why it might be blocking them (besides bad uploads). I am not comfortable switching off the rule.

The two vulnerabilities referenced are CVE-2019-17132 and CVE-2018-9206.

Those links show the affected versions of the software. That should help you decide if it’s okay to disable the rule (if your versions are more recent).

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.