On the edge firewall we see that we are receiving several attacks that pass through the Cloudflare network. It even tells us the observed CVEs. These are not defined in Cloudflare’s managed rules. Why does this happen?
What is the issue you’re encountering
The Edge Firewall detects attacks that Cloudflare does not. CVE.2024.1212, CVE-2020-13118, CVE-2020-5510, CVE-2021-36748, CVE-2021-43140, CVE-2022-24219, CVE-2022-24220, CVE-2022-24221, CVE-2022- 24222,
Are you able to observe these requests from these source IPs in the Cloudflare dashboard?
Also, to confirm the origin is locked down to Cloudflare Ip’s. Can you also check “Security Events” as well to make sure no “skip” rule is allowing these request via the WAF?
If none are present please verify no IP access rule is in place as well that could be bypassing WAF rules for this source IP.