Understanding WAF 100173 causes to troubleshoot possible false positive

I just activated WAF on one of our domains and we’re now seeing blocks for a certain internal page when submitting a form using POST. Where can I find more details on what triggers rule 100173 so I can diagnose the issue?

1 Like

There is some more information related to the rule you mentioned: https://developers.cloudflare.com/waf/change-log/2020-01-20/ and Uploading packages

Cloudflare Specials 100173 Improve XSS detection. N/A Block

It seems like a relatively new rule that causes false positives.

You can also use tools like GoTestWAF to check for other false positives and false negatives: https://github.com/wallarm/gotestwaf

2 Likes

Thanks. Those look like good resources.
So after digging into this form some more, I can see it’s a configuration form; one of the inputs allows an admin user to list script tags to be included in the site for a given section of the site. Not the coolest idea. So, I guess in this case the rule is returning a correct positive; it’s just that the app is designed to allow this type of input entry.

For now I’d like to disable that specific rule in the Cloudflare Special rule set. How is this done? That rule was already set to “Disable” but we still got the blocked page from Cloudflare.
