Need a clarification for Cloudflare WAF attacks

What is the name of the domain?

fpmarkets.com

What is the error number?

Cloudflare WAF flagged a False Positive security event as an under Attack category

What is the issue you’re encountering

We need your support for the cloudflare attack detection purpose. Why did cloudflare trigger legitimate events also in the attack categories? We are receiving some security events as attacks, but the activity was legitimate. So, we need to know why the legitimate activity triggered an attack and on what rule basis it was triggered. Please support us in understanding the issue, and once we know, we’ll sort it out from our end.

Screenshot of the error

Sample events.png1139×588 30.5 KB

If you check on this site, you should be able to see the reason why the request was blocked: https://dash.cloudflare.com/?to=/:account/:zone/security/events
How to solve this depends on why it was counted as an attack.

This link represents the dashboard, which we are already aware of and using on our side. We only need a reason as to why legitimate activities are being triggered as attacks.

If you click on the link, it will take you to the Events page.

On the bottom of the page, you can find the logs for each individual event (though they aren’t kept for very long). The logs will tell you which rule caused the event, and how to proceed depends on what rule caused it.

Hi @Laudian,

Are you telling about this marked one?

image1129×361 22.2 KB

No, that’s not the page that I linked. I just tried the link, so I’m sure it works.

Your screenshot is of the analytics page, not the events page.

Hi Laudian,

In events page how I get that? can you please provide any screenshot or support link.

At the bottom, you find the Sampled Logs. You find the Event that you’re interested in, and it will say Rule: xxxxxxx. That’s what you need to find.

This topic was automatically closed after 15 days. New replies are no longer allowed.