Handle false positives
If you encounter a false positive caused by a managed rule, do one of the following:
-
Add a WAF exception: WAF exceptions allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.
-
Adjust the OWASP managed ruleset: A request blocked by rule with ID
...843b323c
and description949110: Inbound Anomaly Score Exceeded
refers to the Cloudflare OWASP Core Ruleset. To resolve the issue, configure the OWASP managed ruleset. -
Disable the corresponding managed rule(s): Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the dashboard instructions on configuring a managed ruleset, or to the API instructions on creating an override.
Additional recommendations
-
If one specific rule causes false positives, disable that specific rule and not the entire ruleset.
-
For false positives with the administrator area of your website, add a WAF exception disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:
http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")