How do i create a WAF rule to allow file uploads?

i keep getting blocked by "Cloudflare OWASP Core Ruleset configuration"
this is not working:

(http.request.uri.path contains "cool.com" and http.request.method eq "POST")

(http.request.uri.path contains "cool.com" and http.request.method eq "POST")

(http.request.uri.path contains "cool.com" and http.request.method eq "POST")

(http.request.uri.path contains "cool.com" and http.request.method eq "POST")

changing "managed challenge" to "Log" fixes it. but that seems like a bad workaround

SuperHelpflare•7/14/25, 4:01 PM

Support AI

According to the Cloudflare documentation, the issue you're experiencing is likely due to the Cloudflare OWASP Core Ruleset configuration.

The Cloudflare OWASP Core Ruleset is a set of rules designed to protect against common web application vulnerabilities. When a request triggers one of these rules, it can result in the request being blocked or challenged.

The rule you provided (http.request.uri.path contains "cool.com" and http.request.method eq "POST")(http.request.uri.path contains "cool.com" and http.request.method eq "POST") is likely triggering one of the OWASP rules, causing the request to be blocked.

Changing the action from "Managed Challenge" to "Log" is not a recommended workaround, as it may allow malicious traffic to pass through.

Instead, you can try to identify which specific OWASP rule is being triggered and adjust your configuration accordingly. You can do this by checking the Cloudflare logs to see which rule is being triggered.

Additionally, you can also try to adjust the paranoia level of the OWASP Core Ruleset to a lower level, such as PL1 or PL2, to reduce the likelihood of false positives.

It's also worth noting that you can create overrides for specific rules in the OWASP Core Ruleset to disable them for certain requests or paths. This can be done using the Cloudflare API or the Cloudflare dashboard.

For more information on configuring the Cloudflare OWASP Core Ruleset, you can refer to the Cloudflare documentation: https://developers.cloudflare.com/waf/managed-rules/reference/owasp-core-ruleset/configure-api/

It's also recommended to review the Cloudflare documentation on OWASP Core Ruleset concepts: https://developers.cloudflare.com/waf/managed-rules/reference/owasp-core-ruleset/concepts/

Please let me know if you need more help or guidance on this issue.

Sources

Feedback

Feedback has been submitted! Thank you :)

This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.

Gagan SuieOP•7/14/25, 9:45 PM

changed http.request.uri.pathhttp.request.uri.path to hostnamehostname. works great!

How do i create a WAF rule to allow file uploads?

Similar Threads

Similar Threads

Similar Threads