How do I manage the "High" or "Low" sensitivity for OWASP on the WAF?

To manage the threshold for OWASP on our WAF:

1. Log into your Cloudflare account.

2. Visit the Firewall app.

3. Click on the Web Application Firewall tab.

4. Scroll down to the package: OWASP ModSecurity Core Rule Set.

5. Select the threshold from the Sensitivity dropdown.

Cloudflare provides two sensitivity settings for the OWASP rule set: High and Low. Actions are triggered based on a threat score mechanism. When a request triggers a rule, that rule increases the overall threat score of that request; some rules increase the score more than others. A sensitivity setting of Low only triggers an event when a request scores above 60, while High triggers an event when a request scores above 25.

We also provide 3 actions against a triggered WAF event: Simulate, Challenge and Block:
Simulate: Logs the event and does not block or challenge the visitor (you can still decide to switch to Block or Challenge after reviewing your logs).
Block: Blocks the request entirely, with no option for the visitor to bypass the block for that request.
Challenge: Displays a challenge (CAPTCHA) page before the visitor can enter the site.

We recommend beginning in Simulate mode to weed out any false positives, so that you can eventually move the ruleset to a level that blocks malicious requests while legitimate traffic continues to reach your origin unaffected. We also have a more in-depth article that explains how to tune your WAF.
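The following is an added example, not Cloudflare's code, that models the threat-score mechanism and the Simulate-mode tuning pass described above. The per-rule scores, rule names and sample traffic are constructed for illustration and are not the real OWASP Core Rule Set scores; only the two thresholds (Low above 60, High above 25) come from the article.

```python
# Added example, not Cloudflare's code: a small model of the threat-score
# mechanism the article describes, used to dry-run a Simulate-mode tuning pass.
# Per-rule scores and the sample traffic are constructed for illustration;
# they are not the real OWASP Core Rule Set scores.

# Thresholds stated in the article: Low fires above 60, High above 25.
SENSITIVITY_THRESHOLDS = {"low": 60, "high": 25}

# Constructed rule catalogue: rule id -> score added when it matches.
RULE_SCORES = {
    "sqli_keyword": 20,
    "sqli_union_select": 40,
    "xss_script_tag": 30,
    "suspicious_user_agent": 10,
}

def threat_score(matched_rules):
    """Total score of a request: every triggered rule adds its own weight."""
    return sum(RULE_SCORES.get(r, 0) for r in matched_rules)

def fires(matched_rules, sensitivity):
    """True when the request's score exceeds the threshold for that sensitivity."""
    return threat_score(matched_rules) > SENSITIVITY_THRESHOLDS[sensitivity]

def apply_action(matched_rules, sensitivity, action_mode, log):
    """Outcome for one request. Simulate logs the event but still allows it;
    Challenge and Block are returned so the caller can enforce them."""
    if not fires(matched_rules, sensitivity):
        return "allow"
    log.append({"score": threat_score(matched_rules),
                "rules": sorted(matched_rules), "action": action_mode})
    return "allow" if action_mode == "simulate" else action_mode

def tuning_report(traffic):
    """Per sensitivity, count false positives (legitimate requests that would
    fire) and misses (malicious requests that would not), from labelled traffic."""
    report = {}
    for sens in SENSITIVITY_THRESHOLDS:
        fp = sum(1 for rules, bad in traffic if not bad and fires(rules, sens))
        miss = sum(1 for rules, bad in traffic if bad and not fires(rules, sens))
        report[sens] = {"false_positives": fp, "missed": miss}
    return report

# Constructed labelled traffic: (rules matched, is_malicious).
SAMPLE_TRAFFIC = [
    ({"sqli_keyword", "suspicious_user_agent"}, False),  # score 30: a search-box query
    ({"xss_script_tag"}, False),                        # score 30: a CMS editor post
    ({"sqli_keyword", "sqli_union_select"}, True),      # score 60: not *above* 60
    ({"sqli_keyword", "sqli_union_select", "xss_script_tag"}, True),  # score 90
]

if __name__ == "__main__":
    events = []
    print(apply_action(SAMPLE_TRAFFIC[0][0], "high", "simulate", events), events)
    print(tuning_report(SAMPLE_TRAFFIC))
```

Running the report over your own Simulate-mode log, with events labelled as legitimate or malicious after review, is the decision the article asks you to make before switching to Challenge or Block.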
