OWASP rule disabled but still used for score

Hi folks

Using the new WAF model. I have disabled a few OWASP rules based on the usage profile for our site. Despite this, some of these are still being used to score requests.

For example rule 942460 is off:

But when I look at the WAF logs, this rule is used to score a request:

This happens with quite a few rules actually… Any idea or should I check with support?

Raised ticket #2198396 with some Ray ID for example.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.