Managed Rules not deployed
I logged into my Cloudflare account and just saw for the first time that there is a warning that I do not have Cloudflare managed ruleset turned on. I have never seen this warning. Is this new? Is it default to not have them turned on? Thank you.
I don’t know what to do.
Off
Pro Plan or higher gets Cloudflare’s WAF/Managed Rulesets, and it looks like your zone, grillpartssearch.com, is Pro or higher. Under Security → WAF → Managed Rules (or by clicking on the “Manage in Managed Rules app” from that screen), you can deploy some of the rulesets.
Deploy a WAF managed ruleset in the dashboard · Cloudflare Web Application Firewall (WAF) docs
The general idea of a WAF is to protect your origin from exploits, including brand new ones as they are discovered, and stop bad requests before they waste your origin’s compute, regardless if your origin is actually vulnerable to them or not: https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/
The only risk false positives, which you can make exceptions for: Handle false positives · Cloudflare Web Application Firewall (WAF) docs
Thank you Chaika! So under Cloudflare Pro, by default the “Managed Rules not deployed” warning appears if they are not activated. We recently turned on Super Bot Fight Mode to stop a huge influx in bots performing credit card attacks and it is working. I am assuming we can we keep the managed rules turned off so we don’t have to deal with false positives but it is an option if we have to keep finding new ways to fight bots. Do you believe this is correct?
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
