I think the Managed Rules have started flagging my IP as a definite bot and I am unable to update Wordpress posts on my site,.

Aug 28, 2023 11:48:40 AM
Block
United States
2601:280:5280:7bc0:c06b:731b:2d0c:3acf
Managed rules

I have tried several things to correct/allow myself but so far no luck. Except for disabling the Cloudflare OWASP Core Ruleset configuration

In the Events log the block is due to Managed Rules and the rule is XSS HTML injection script tag.

My ip6 address gets changed from time to time by Comcast . Should I exclude my Ray ID?

Ray ID identifies each request with a random string, it won’t be useful here.

What you should do is create a WAF exception, so that this specific rule is skipped when certain conditions match, such as the relevant URI Path + your IP address, for instance.

I added my ip4 address + the uri and it lets me thru with the rulesets active. They now challenge the security but once thru it is fine. I don’t mind the extra step if it is safer. Thanks for the advice. I thought I tried that before though I didn’t use two conditions

In all likelihood another rule (or perhaps another Cloudflare security feature) is doing this. If it’s another Managed Rule, you can if you wish add this other rule in the same WAF exception you created.

kioskindustry.org

Checking if the site connection is secure

kioskindustry.org needs to review the security of your connection before proceeding.

That’s a standard Managed Challenge message. You need to check the Events log to see which rule/feature is triggering it.

Reminds me of the old network technicians who never considered the network safe until all users were unable to access it.

I should be able to allowlist my IP somewhere before all these rulesets.

Did you create the WAF Exception, as suggested? If so, you can edit it to add this other rule you’ve just identified.

You can also create a WAF Custom Rule with action set to Skip, and list all security features you want skipped for requests from your IP, as long as you have control of it.

Screenshot from 2023-08-28 16-50-30977×1179 77.5 KB

I am about ready to just turn it off while I work. I already have to switch to dev mode when I do that. I wish I could be a web engineer and a web content manager with two heads and four hands.

To be clear, are you still facing the challenge after this skip rule?

Should the URI match have the hostname? The example suggests that is for matching the path.

It still wants me to verify I am human.

As noticed by @epic.network your rule will never match because you’re trying to match the hostname (example.com) against the URI field, which represents /path?query-string:

Also, when I suggested you matched both IP and path, I was thinking a rule that would only apply to a limited set of paths. Since you seem to want to match it against any request, you could simply remove the URI part, and just match against your IP address.

Your screenshot shows the block with an “OWASP Score” of 38, which implies that you have it set to be pretty aggressive. You could also try reducing the overall threshold and paranoia levels:

Screenshot 2023-08-28 at 8.03.29 PM1072×690 27.6 KB

Thanks guys. configuring my rule correctly + being less paranoid did the trick. I appreciate your patience.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.