Unable to specify OWASP ModSecurity Core Rule Set when enabling WAF

smdhmy · January 23, 2019, 4:55am

Hi, I have a paid plan for my site. It should have both built-in Cloudflare rule set and OWASP ModSecurity Core Rule Set supported according to Cloudflare plans compare-features page.

I tried to follow the following posts to configure WAF: https://support.cloudflare.com/hc/en-us/articles/115000223771 and https://support.cloudflare.com/hc/en-us/articles/360002866492-Managing-the-OWASP-rule-set-in-the-WAF

However, after I turned on WAF, I could not find a way to specify which OWASP ModSecurity Core Rule Set to use. I was only given a built-in ruleset.

Can anyone provide any hints on enabling and specifying OWASP ModSecurity Code ruleset?

Many thanks.

MarkMeyer · January 23, 2019, 7:16am

I am not Sure If this is Limited to business and enterprise. If not you should be able to activate or deactivate single rules

https://support.cloudflare.com/hc/en-us/articles/360002866492-Managing-the-OWASP-rule-set-in-the-WAF

smdhmy · January 23, 2019, 10:27am

Thank you Mark for your reply. Here is the link of the different features between plans: Our Plans | Pricing. It shows all non-free plans have the buildin rule set and owasp modsecurity core rule set enabled.

system · February 22, 2019, 4:55am

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
WAF Managed Rulesets Security	3	2036	February 18, 2020
OWASP Top 10 Security	7	4163	November 4, 2018
Cannot see the OWASP managed rules Security firewall	5	3049	July 5, 2019
Sensitivity setting for OWASP ModSecurity Core Rule Set Security	1	1699	July 16, 2022
OWASP bypass notice - Cloudflare not affected Security waf	1	2738	July 17, 2021

Unable to specify OWASP ModSecurity Core Rule Set when enabling WAF

Related topics