WAF's OWASP Core Ruleset from not seems to work


Sorry if this doubt is a kind of obvious, but I wasn’t able to understanding it.

I set up Cloudflare’s WAF and OWASP Core Ruleset under my domain, but some kind of requests not seems to been blocked.

For instance, if i made a simple request as <BASE_URL>/?teste=%3Cscript%3Ealert(1)%3C/script%3E shouldn’t the request be blocked because it contains a tag?

Nothing seems to happen and the request is forward normally.

Could anyone clarify me? Thanks.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.