WAF Rules- Naming Convention

We had a small subset of customers that were blocked by the WAF rule Drupal - Anomaly:Header:X-Forwarded-For - CVE:CVE-2018-14774.
We were unable to reproduce the issue on our end but the logs showed enough blocks that we disabled the rule under the assumption that our site doesn’t use Drupal, or Symfony and the vulnerability is not applicable to our use case.
My question is in regard to the naming convention CF users for the rule sets. In this case “Drupal…” , are there cases where the rule set title and tags would not encompass all the related vulnerabilities associated with the rule? Or is this more a “buyer beware” type of thing and it is up to the end user to research what they are turning off or on?

I have the same problem. anyone can help us?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.