Cloudflare OWASP Core Ruleset blocking legit requests
I was prompted to migrate to the managed WAF rulesets by the Security Center showing a "critical" issue for not using them. Doing so immediately blocked legitimate requests to my site, almost all requests (even without any query parameters) were being flagged by the same six rules. I turned the core ruleset off and requests started working again. What would cause a simple GET requests from a legit browser to be triggering these?
