Unable to specify OWASP ModSecurity Core Rule Set when enabling WAF

Hi, I have a paid plan for my site. It should have both built-in Cloudflare rule set and OWASP ModSecurity Core Rule Set supported according to Cloudflare plans compare-features page.

I tried to follow the following posts to configure WAF: https://support.cloudflare.com/hc/en-us/articles/115000223771 and https://support.cloudflare.com/hc/en-us/articles/360002866492-Managing-the-OWASP-rule-set-in-the-WAF

However, after I turned on WAF, I could not find a way to specify which OWASP ModSecurity Core Rule Set to use. I was only given a built-in ruleset.

Can anyone provide any hints on enabling and specifying OWASP ModSecurity Code ruleset?

Many thanks.

I am not Sure If this is Limited to business and enterprise. If not you should be able to activate or deactivate single rules

Thank you Mark for your reply. Here is the link of the different features between plans: https://www.cloudflare.com/plans/#compare-features. It shows all non-free plans have the buildin rule set and owasp modsecurity core rule set enabled.

This topic was automatically closed after 30 days. New replies are no longer allowed.