Hi there. New to the community and have searched for the answer to this but does not appear to be an obvious answer out there.
I’ve turned on WAF Managed Rules and the Cloudflare Managed Ruleset makes sense but when I scroll down to OWASP ModSecurity Core Rule Set, the Sensitivity is defaulted to Off.
As a ‘newbie’ to Cloudflare WAF, I’m not wanting to stuff around too much with the default settings as I’m sure these have been designed by some incredibly intellignet people knowing their security stuff… but I’m wondering what the point is of having OWASP ModSecurity Core Rule Set Sensitivity defaulted to ‘Off’ as to me it suggests that it’s… off… so I’m therefore wondering if it should be set to either Low, Medium or High and how do I know which level to select…
Any thoughts or useful comment would be greatly appreciated to help me set OWASP to the right sensitivity level (if Off is not that).