[WAF] Add clarification about OWASP Top 10

pedrosousa · pedrosousa · commit 03e5f4819cbd · 2024-11-18T10:56:24.000Z
diff --git a/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/index.mdx b/src/content/docs/waf/managed-rules/reference/owasp-core-ruleset/index.mdx
@@ -3,15 +3,22 @@ pcx_content_type: configuration
 title: Cloudflare OWASP Core Ruleset
 sidebar:
   order: 3
-
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
 The Cloudflare OWASP Core Ruleset is Cloudflare's implementation of the [OWASP ModSecurity Core Rule Set](https://owasp.org/www-project-modsecurity-core-rule-set/) (CRS). Cloudflare routinely monitors for updates from OWASP based on the latest version available from the official code repository.
 
 The Cloudflare OWASP Core Ruleset is designed to work as a single entity to calculate a [threat score](/waf/managed-rules/reference/owasp-core-ruleset/concepts/#request-threat-score) and execute an action based on that score. When a rule in the ruleset matches a request, the threat score increases according to the rule score. If the final threat score is greater than the configured [score threshold](/waf/managed-rules/reference/owasp-core-ruleset/concepts/#score-threshold), Cloudflare executes the action configured in the last rule of the ruleset.
 
+:::note
+
+The Cloudflare OWASP Core Ruleset is Cloudflare's implementation of the OWASP ModSecurity Core Rule Set, which is different from the [OWASP Top 10](https://owasp.org/www-project-top-ten/).
+
+The OWASP Top 10 is a list of security risks and recommendations for addressing them. Some of the identified security risks cannot be protected by a firewall, which means that the Cloudflare OWASP Core Ruleset will not directly address all security risks and vulnerabilities identified in OWASP Top 10.
+
+:::
+
 ## Resources
 
 <DirectoryListing />
