I have the Security Insights scan set to automatically review my account for vulnerabilities. Each time it runs, it shows hundreds of results for domains that are not mine. Each one has the warning ‘Zones without WAF Managed Rules’ in the category ‘Insecure configuration’.
Why are these showing up? Should I be worried?
The servers I have my Cloudflare DNS pointing at are AWS ElasticBeanstalk/Amplify CNAME values.
Hi @rorydmercer, I can see those websites are not in your account. I cannot replicate this in my account, but can in yours. I’ll create an Account ticket on your behalf & share the number here. And, you’ll receive a copy of the ticket.
We have created that ticket; it is 3000412, and we are reviewing and working on fixing this currently.
May I know if the issue is resolved? I have the same exact issue.
Appreciate your response.
We have created an active incident.
It can be seen on the Cloudflare Status page.
Thank you for reporting this issue. After conducting a review, we determined this issue resulted from corrupted data introduced on October 19th, as a result of some work related to a different database incident. This unintended data corruption led to the display of irrelevant Security Insights for certain accounts.
We have taken the following steps to fix this discrepancy:
- Data Cleanup: We have deleted all old, incorrect insights to ensure that your data is accurate moving forward.
- Upcoming Data Scan: Our system will conduct a new scan to surface a fresh set of Security Insights relevant to your account. This will ensure that you receive insights that pertain directly to your zones and properties.
We understand the importance of the Security Insights feature for your security management needs and we apologise for any inconvenience this issue may have caused. If you have any questions or require further assistance, please do not hesitate to reach out to our support team.