Cloudflare Docs

OWASP evaluation example

The following example calculates the OWASP request threat score for an incoming request. The OWASP managed ruleset configuration is the following:

  • OWASP Anomaly Score Threshold: High - 25 and higher
  • OWASP Paranoia Level: PL3
  • OWASP Action: Managed Challenge

This table shows the progress of the OWASP ruleset evaluation:

| Rule ID | Paranoia level | Rule matched? | Rule score | Cumulative threat score |
| --- | --- | --- | --- | --- |
| ...f3b37cb1 | PL4 | (not evaluated) | | 26 |

Final request threat score: 26

Since 26 >= 25 — that is, the threat score is greater than the configured score threshold — the WAF will apply the configured action (Managed Challenge). If you had configured a score threshold of Medium - 40 and higher, the WAF would not apply the action, since the request threat score would be lower than the score threshold (26 < 40).
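The evaluation described above can be modelled in a few lines. This is an added example, not Cloudflare's code: the rule IDs, per-rule scores and the `evaluate` helper are constructed for illustration, and only the thresholds, paranoia level, action and final score of 26 come from this page.

```python
from typing import NamedTuple

# Score thresholds named on this page.
THRESHOLDS = {"High": 25, "Medium": 40}

class RuleResult(NamedTuple):
    rule_id: str         # constructed placeholder, not a real Cloudflare rule ID
    paranoia_level: int  # 1..4 for PL1..PL4
    matched: bool        # whether the rule would match the request
    score: int           # points the rule adds when it matches

def evaluate(rules, paranoia_level, threshold_name, action):
    """Return (trace, final_score, action applied or None)."""
    total, trace = 0, []
    for r in rules:
        if r.paranoia_level > paranoia_level:
            # Rules above the configured paranoia level are skipped entirely.
            trace.append((r.rule_id, "not evaluated", 0, total))
            continue
        added = r.score if r.matched else 0
        total += added
        trace.append((r.rule_id, "yes" if r.matched else "no", added, total))
    # "25 and higher" means the comparison is inclusive.
    applied = action if total >= THRESHOLDS[threshold_name] else None
    return trace, total, applied

# Constructed sample request: rule scores chosen so the total is 26.
SAMPLE = [
    RuleResult("rule-a", 1, True, 5),
    RuleResult("rule-b", 1, True, 5),
    RuleResult("rule-c", 2, False, 5),
    RuleResult("rule-d", 2, True, 5),
    RuleResult("rule-e", 3, True, 5),
    RuleResult("rule-f", 3, True, 3),
    RuleResult("rule-g", 3, True, 3),
    RuleResult("rule-h", 4, True, 5),  # PL4: skipped at PL3 even though it would match
]

if __name__ == "__main__":
    for name in ("High", "Medium"):
        trace, score, applied = evaluate(SAMPLE, 3, name, "Managed Challenge")
        for row in trace:
            print(*row, sep="\t")
        print(f"{name}: score={score} threshold={THRESHOLDS[name]} action={applied}")
```

In this constructed sample, raising the paranoia level to PL4 brings the last rule into scope and changes the final score, which is why paranoia level and score threshold need to be tuned together.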

The Activity log in Security Events would display the following details for the example incoming request handled by the OWASP Core Ruleset:

Event log for example incoming request mitigated by the WAF’s OWASP Core Ruleset

In the activity log, the rule associated with requests mitigated by the Cloudflare OWASP Core Ruleset is the last rule in this managed ruleset: 949110: Inbound Anomaly Score Exceeded, with rule ID ...843b323c. To get the scores of individual rules contributing to the final request threat score, expand Additional logs in the event details.