OWASP still showing 2013 ruleset

According to this article

OWASP and other WAF rules have been renewed to new version. But I am still getting older ruleset. Will they ever we available to older customers?

According to article

Starting today, 10% of newly created accounts on Cloudflare will be given access to the new WAF whenever a Pro plan zone or above is added. This percentage will increase to 100% of new accounts over the month of April, after which migration efforts will commence for existing customers. Enterprise customers may migrate early by contacting their account team.

What are you seeing that shows you’re still on the older ruleset? I’d like to check mine.

Probably it’s based on the old/new WAF UI. If you see the new WAF user interface then most probably you are having OWASP 2017 ruleset.

Ah, that certainly makes it clear. Mine also shows that 2013 rule set. @erictung, what would the new one look like?

1 Like

any timeline when will the newone will appear on my dashboard?

Sorry for bumping this topic. I am looking for a timeline when will I get new WAF ruleset?

I don’t have an idea about this, but the new WAF doesn’t seem to be very stable to me, something like the WAF bypass rule won’t work with the new WAF so I have to disable the affected WAF rule or the entire ruleset just to prevent false positives.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi erictung,

If you see our developer docs on link below, we recently impeletned SKIP which is new action user can select from drop down menu or API. With selecting SKIP action, user can choose to SKIP(Bypass) one or more specific WAF Managed Rulesets or all remaining managed rulesets.
https://developers.cloudflare.com/waf/managed-rulesets/waf-exceptions

1 Like