Waf block in my server instead of in CF

I have a site delegated to CF, with cache everything, WAF activated high.
The CF firewall detects and blocks some /xmlrpc.php, but many more are detected and blocked in my server’s modsecurity.
My question is: if I have CF activated, so that all content passes through CF, caching everything, why does traffic pass to my server?

Thanks for the information you can provide me.

Cache Everything does not stop all traffic to your server. Files don’t stay cached for very long, and every edge server has its own cache. You’re always going to have at least some traffic hitting your origin server.

Ok, but shouldn’t the CF waf stop the attacks before they reach my server?
What is the meaning of CF if not?

This topic was automatically closed after 30 days. New replies are no longer allowed.