Medaiwiki and Cloudflare WAF

Has anyone experienced issues with the Cloudflare Specials WAF rule-set? It incorrectly triggers the SQLi rule when editing pages with Mediawiki markup code due to the usage of brackets, quotes and other non-alpha numeric characters.

I previously raised a ticket on this when we enabled the OWAP rule-set and without knowing the cause support just advised to disable/white-list (Which doesn’t address the cause but as they pointed out OWASP rules aren’t controlled by Cloudflare).

I have raised another ticket now and again the response has been disable/white-list, I think this is a fairly poor response considering they have done no investigation of the cause. I have requested they send the ticket to someone with technical knowledge to see what they say.

Has anyone else came across this?

This topic was automatically closed after 30 days. New replies are no longer allowed.