Handle false positives

If you encounter a false positive caused by a managed rule, do one of the following:

• Add an exception: Exceptions allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.

• Adjust the OWASP managed ruleset: A request blocked by the rule with ID ...843b323c and description 949110: Inbound Anomaly Score Exceeded refers to the Cloudflare OWASP Core Ruleset. To resolve the issue, configure the OWASP managed ruleset.

• Disable the corresponding managed rule(s): Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the dashboard instructions on configuring a managed ruleset, or to the API instructions on creating an override.

Note

If you contact Cloudflare Support to verify whether a WAF managed rule triggers as expected, provide a HAR file captured while sending the specific request of concern.

Additional recommendations

• If one specific rule causes false positives, disable that specific rule and not the entire ruleset.

• For false positives with the administrator area of your website, add an exception disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:

  http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")