New Managed Firewall Cloudflare OWASP Core Ruleset

Hi folks

Over the last few months I’ve seen a few products/service offerings being released that, while feature complete, were not working exactly as intended.

For example take SFBM. The initial idea is brilliant but the fact you can’t bypass it for certains situations makes it impossible to adopt for those who have some manageable automated traffic such as RSS feed readers, IFTTT/Zapier integrations and other APIs. Nothing has been done about this, despite plenty of feedback in this forum and in support tickets.

Another example is the new Managed Firewall. I asked to use the new version because I was very interested in the Leaked Credentials Check feature. It works really well. But at the same time the new Managed Firewall completely broke how the OWASP Core Ruleset is applied.

I see cases of requests beings blocked with error 949110 - expected. But what is not expected is to see specific rules being applied tot the total score even when they are disabled. In most cases all the rules applied to the total score are rules that I had previously disabled.

A previous support ticket received the response that “Yes, we know this is happening and we will update this ticket” but was closed after 25 days without a resolution.

There are lots of cases where services are launched with some missing features and/or final touches required for UI/UX - we’ve seen this in the Gateway product where new features are added all the time and it’s now a working service. But the Managed Firewall offering should be the one service where things aren’t left behind and bugs like this should be fixed instead of just ignored.

Yes, I know the new firewall is a beta but even for a beta the update cycle and response from support is very slow.

This has now been fixed by the team.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.