I have the Security Insights scan set to automatically review my account for vulnerabilities. Each time it runs it shows hundreds of results for domains that are not mine? Each one has the warning ‘Zones without WAF Managed Rules’ in the category ‘Insecure configuration’
Why are these showing up? Should I be worried?
The servers I have my Cloudflare DNS pointing at are AWS ElasticBeanstalk/Amplify CNAME values.
Hi @rorydmercer I can see those websites are not in your account. I cannot replicate this in my account, but can in yours. I’ll create an Account ticket on your behalf & share the number here. And, you’ll receive a copy of the ticket.
We have created that ticket it is 3000412 and are reviewing and working on fixing this currently.
Hi @rorydmercer
May I know if the issue is resolved, I have the same exact issue.
Appreciate your response.
Thank you for reporting this issue. After conducting a review, we determined this issue resulted from corrupted data introduced on October 19th, as a result of some work related to a different database incident. This unintended data corruption led to the display of irrelevant Security Insights for certain accounts.
We have taken the following steps to fix this discrepancy:
We understand the importance of the Security Insights feature for your security management needs and we apologise for any inconvenience this issue may have caused. If you have any questions or require further assistance, please do not hesitate to reach out to our support team.
Kind regards,
Alexandra Moraru
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
