Unable to specify OWASP ModSecurity Core Rule Set when enabling WAF

firewall
#1

Hi, I have a paid plan for my site. It should have both built-in cloudflare rule set and OWASP ModSecurity Core Rule Set supported according to Cloudflare plans compare-features page.

I tried to follow the following posts to configure WAF: https://support.cloudflare.com/hc/en-us/articles/115000223771 and https://support.cloudflare.com/hc/en-us/articles/360002866492-Managing-the-OWASP-rule-set-in-the-WAF

However, after I turned on WAF, I could not find a way to specify which OWASP ModSecurity Core Rule Set to use. I was only given a built-in ruleset.

Can anyone provide any hints on enabling and specifying OWASP ModSecurity Code ruleset?

Many thanks.

#2

I am not Sure If this is Limited to business and enterprise. If not you should be able to activate or deactivate single rules

#3

Thank you Mark for your reply. Here is the link of the different features between plans: https://www.cloudflare.com/plans/#compare-features. It shows all non-free plans have the buildin rule set and owasp modsecurity core rule set enabled.

closed #4

This topic was automatically closed after 30 days. New replies are no longer allowed.