I just activated WAF on one of our domains and we’re now seeing blocks for a certain internal page when submitting a form using POST. Where can I find more details on what triggers rule 100173 so I can diagnose the issue?
There is some more information related to the rule you mentioned: https://developers.cloudflare.com/waf/change-log/2020-01-20/ and Uploading packages
Cloudflare Specials 100173 Improve XSS detection. N/A Block
It seems like a relatively new rule that causes false positives.
You can also use tools like GoTestWAF to check for other false positives and false negatives https://github.com/wallarm/gotestwaf
Thanks. Those look like good resources.
So after digging into this form some more, I can see it’s a configuration form; one of the inputs allows an admin user to list script tags to be included in the site for a given section of the site. Not the coolest idea. So, I guess in this case the rule is returning a correct positive, it’s just the app is designed to allow this type of input entry.
For now I’d like to disable that specific rule in the Cloudflare Special rule set. How is this done? That rule was already set to “Disable” but we still got the blocked page from Cloudflare.