To manage the threshold for the WAF settings:
1. Log into your Cloudflare account.
2. Visit the Firewall app.
3. Click on the Web Application Firewall tab
4. Scroll down to: Package: OWASP ModSecurity Core Rule Set
5. Select the threshold from the Sensitivity dropdown.
The OWASP Mod Security ruleset can sometimes be difficult with API traffic and typically a more detailed tuning is needed to obtain the correct configuration for your application. Cloudflare provides two sensitivity settings for the OWASP rule set: High and Low. Actions are trigged based on a threat score mechanism applied to rules trigged. A sensitivity setting of Low will trigged events that score only above 60 and High will trigger any events that score above 25.
We also provide 3 actions against a triggered WAF event: Simulate, Challenge and Block. A summary of the actions can be found below:
Simulate: Logs the event and does not block or challenge the visitor (you can still decide to set to a block or challenge after review of the event).
Block: Block will block visitors from that IP from accessing the site.
Challenge: Will display a challenge (captcha) page before the visitor can enter the site.
We recommend beginning in 'Simulate' mode to weed out any false positive so you can eventually turn the ruleset to a level that blocks malicious requests while legitimate traffic continues to your origin unaffected.