WAF recently started blocking agressively: Rule ID: 100135B

Suddenly started getting complaints that users were getting ‘blocked’. Upon reviewing my cloudflare security logs (Firewall > Overview > Firewall Events), I see that there are a ton of “WAF” and “Hotlink Protection” blocks. Usually was getting 5 blocks a minute, now up to 30+ blocks a minute. No changes have been made to any cloudflare settings in months.

Complaints come from legitimate users and I was able to duplicate the WAF error in firefox, but not in Chrome (they were using all browsers on all platforms). Not able to duplicate the Hotlink Protection error.

I have had to now shut off the WAF - and I am looking to shut off hotlink protection as well.

Any reason why these ‘blocks’ would have suddenly increased very recently?

1 Like

Just figured out how to find the exact issue causing the block.

Rule ID: 100135B
Rule message: XSS - JavaScript Events
Rule Group: Cloudflare Specials

Any reason why this rule would have ramped up in the last 24 hours without any settings changes on Cloudflare or without any changes to the website?

Appears we are having the same issue as well.

I have a confluence setup going through Cloudflare and this wasn’t an issue last week.

Looks like the moved it from Disabled to blocking state today.

This topic was automatically closed after 30 days. New replies are no longer allowed.