Skip to content

Handle false positives

If you encounter a false positive caused by a managed rule, do one of the following:

  • Add an exception: Exceptions allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.

  • Adjust the OWASP managed ruleset: A request blocked by the rule with ID ...843b323c and description 949110: Inbound Anomaly Score Exceeded refers to the Cloudflare OWASP Core Ruleset. To resolve the issue, configure the OWASP managed ruleset.

  • Disable the corresponding managed rule(s): Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the dashboard instructions on configuring a managed ruleset, or to the API instructions on creating an override.

Additional recommendations

  • If one specific rule causes false positives, disable that specific rule and not the entire ruleset.

  • For false positives with the administrator area of your website, add an exception disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:

    http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")