Hi, I have a paid plan for my site. It should have both built-in cloudflare rule set and OWASP ModSecurity Core Rule Set supported according to Cloudflare plans compare-features page.
I tried to follow the following posts to configure WAF: https://support.cloudflare.com/hc/en-us/articles/115000223771 and https://support.cloudflare.com/hc/en-us/articles/360002866492-Managing-the-OWASP-rule-set-in-the-WAF
However, after I turned on WAF, I could not find a way to specify which OWASP ModSecurity Core Rule Set to use. I was only given a built-in ruleset.
Can anyone provide any hints on enabling and specifying OWASP ModSecurity Code ruleset?