Medaiwiki and Cloudflare WAF

firewall

#1

Has anyone experienced issues with the Cloudflare Specials WAF rule-set? It incorrectly triggers the SQLi rule when editing pages with Mediawiki markup code due to the usage of brackets, quotes and other non-alpha numeric characters.

I previously raised a ticket on this when we enabled the OWAP rule-set and without knowing the cause support just advised to disable/white-list (Which doesn’t address the cause but as they pointed out OWASP rules aren’t controlled by Cloudflare).

I have raised another ticket now and again the response has been disable/white-list, I think this is a fairly poor response considering they have done no investigation of the cause. I have requested they send the ticket to someone with technical knowledge to see what they say.

Has anyone else came across this?


#2

This topic was automatically closed after 30 days. New replies are no longer allowed.