SQL Injection - Prevention Not Working

We are running SQL Injection testing against an input form in our domain. However, the Cloudflare OWASP Core Ruleset & Cloudflare Managed Ruleset, although both enabled, are not stopping the SQL Injection. My understanding is that SQL Injection is part of the ruleset however doesn’t seem to be stopping it.
Any thoughts would be appreciated.
Thank you!
Barnard.

I assume you’re using at least a Pro plan.

May I ask if you’ve got it enabled like at the below example, mostly, or differently? :thinking:

Furthermore, may I ask if you’ve tried using the “Advanced” button, or you’re already using it, therefore enabled the particular rule which might by default be “disabled”? :thinking:

Otherwise, may I ask have you tried asking about this case and reporting this to Cloudflare Support, if so? :thinking:

Thank you! Im going to check those settings - I have contacted support as well. Waiting for a reply. Will post my findings here.

1 Like