diff --git a/public/__redirects b/public/__redirects
index cac3938db49579f..3d729dec1ac8d04 100644
--- a/public/__redirects
+++ b/public/__redirects
@@ -1633,6 +1633,7 @@
/waf/reference/migration-guides/old-rate-limiting-deprecation/ /waf/reference/legacy/old-rate-limiting/upgrade/ 301
/waf/reference/migration-guides/waf-managed-rules-migration/ /waf/reference/legacy/old-waf-managed-rules/upgrade/ 301
/waf/reference/migration-guides/firewall-rules-to-custom-rules/ /waf/reference/legacy/firewall-rules-upgrade/ 301
+/waf/managed-rules/handle-false-positives/ /waf/managed-rules/troubleshooting/ 301
# waiting-room
/waiting-room/how-to/mobile-traffic/ /waiting-room/how-to/json-response/ 301
diff --git a/src/content/docs/waf/get-started.mdx b/src/content/docs/waf/get-started.mdx
index 385f2a3311e9440..f0bb1e5a9b4f99f 100644
--- a/src/content/docs/waf/get-started.mdx
+++ b/src/content/docs/waf/get-started.mdx
@@ -45,7 +45,7 @@ The [Cloudflare Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed
By default, the Cloudflare Managed Ruleset enables only a subset of rules and it is designed to strike a balance between protection and false positives. You can review and enable additional rules based on your application technology stack.
-In particular situations, enabling the managed ruleset can cause some false positives. False positives are legitimate requests inadvertently mitigated by the WAF. For information on addressing false positives, refer to [Handle false positives](/waf/managed-rules/handle-false-positives/).
+In particular situations, enabling the managed ruleset can cause some false positives. False positives are legitimate requests inadvertently mitigated by the WAF. For information on addressing false positives, refer to [Troubleshoot managed rules](/waf/managed-rules/troubleshooting/#handle-false-positives).
If you are testing the WAF against pentesting tools, it is recommended that you enable all rules by using the following ruleset configuration:
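Review bot: the new link on the `+` line uses the fragment `#handle-false-positives`, but none of the headings added to `troubleshooting.mdx` in this same patch would produce that anchor. Those headings are `## Troubleshoot false positives`, `### Additional recommendations` and `## Troubleshoot false negatives`. Unless an explicit anchor is defined somewhere outside this diff, the link will land at the top of the page instead of the intended section. Point it at the anchor generated for `Troubleshoot false positives` (probably `#troubleshoot-false-positives`, assuming the usual heading slug generation), or drop the fragment, since that section is the first one on the page.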
@@ -69,7 +69,6 @@ If you are an Enterprise customer, do the following:
1. Reach out to your account team to get access to WAF attack score.
2. [Create a custom rule](/waf/custom-rules/create-dashboard/) using the Attack Score field:
-
- **If incoming requests match**:
| Field | Operator | Value |
@@ -89,7 +88,6 @@ Bot score is only available to Enterprise customers with [Bot Management](/bots/
Customers with access to [Bot Management](/bots/get-started/bot-management/) can block automated traffic (for example, from [bots scraping online content](https://www.cloudflare.com/learning/bots/what-is-content-scraping/)) using a custom rule with bot score, preventing this traffic from hitting your application.
1. [Create a custom rule](/waf/custom-rules/create-dashboard/) using the Bot Score and Verified Bot fields:
-
- **If incoming requests match**:
| Field | Operator | Value | Logic |
diff --git a/src/content/docs/waf/managed-rules/handle-false-positives.mdx b/src/content/docs/waf/managed-rules/handle-false-positives.mdx
deleted file mode 100644
index b6109a3b844efb5..000000000000000
--- a/src/content/docs/waf/managed-rules/handle-false-positives.mdx
+++ /dev/null
@@ -1,29 +0,0 @@
----
-pcx_content_type: concept
-title: Handle false positives
-sidebar:
- order: 4
----
-
-import { RuleID } from "~/components";
-
-If you encounter a false positive caused by a managed rule, do one of the following:
-
-- **Add an exception**: [Exceptions](/waf/managed-rules/waf-exceptions/) allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.
-
-- **Adjust the OWASP managed ruleset**: A request blocked by the rule with ID and description `949110: Inbound Anomaly Score Exceeded` refers to the [Cloudflare OWASP Core Ruleset](/waf/managed-rules/reference/owasp-core-ruleset/). To resolve the issue, [configure the OWASP managed ruleset](/waf/managed-rules/reference/owasp-core-ruleset/configure-dashboard/).
-
-- **Disable the corresponding managed rule(s)**: Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the [dashboard instructions](/waf/managed-rules/deploy-zone-dashboard/#configure-a-managed-ruleset) on configuring a managed ruleset, or to the [API instructions](/ruleset-engine/managed-rulesets/override-managed-ruleset/) on creating an override.
-
-:::note
-
-If you contact Cloudflare Support to verify whether a WAF managed rule triggers as expected, [provide a HAR file](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#generate-a-har-file) captured while sending the specific request of concern.
-:::
-
-## Additional recommendations
-
-- If one specific rule causes false positives, disable that specific rule and not the entire ruleset.
-
-- For false positives with the administrator area of your website, add an [exception](/waf/managed-rules/waf-exceptions/) disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:
-
- `http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")`
diff --git a/src/content/docs/waf/managed-rules/troubleshooting.mdx b/src/content/docs/waf/managed-rules/troubleshooting.mdx
new file mode 100644
index 000000000000000..f2e565aa783d159
--- /dev/null
+++ b/src/content/docs/waf/managed-rules/troubleshooting.mdx
@@ -0,0 +1,69 @@
+---
+pcx_content_type: troubleshooting
+title: Troubleshoot managed rules
+sidebar:
+ order: 4
+ label: Troubleshooting
+---
+
+import { RuleID } from "~/components";
+
+By default, WAF's managed rulesets are compatible with most websites and web applications. However, false positives and false negatives may occur:
+
+- **False positives**: Legitimate requests detected and mitigated as malicious.
+- **False negatives**: Malicious requests that were not mitigated and reached your origin server.
+
+## Troubleshoot false positives
+
+You can use [Security Events](/waf/analytics/security-events/) to help you identify what caused legitimate requests to get blocked. Add filters and adjust the report duration as needed.
+
+If you encounter a false positive caused by a managed rule, do one of the following:
+
+- **Add an exception**: [Exceptions](/waf/managed-rules/waf-exceptions/) allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.
+
+- **Adjust the OWASP managed ruleset**: A request blocked by the rule with ID and description `949110: Inbound Anomaly Score Exceeded` refers to the [Cloudflare OWASP Core Ruleset](/waf/managed-rules/reference/owasp-core-ruleset/). To resolve the issue, [configure the OWASP managed ruleset](/waf/managed-rules/reference/owasp-core-ruleset/configure-dashboard/).
+
+- **Disable the corresponding managed rule(s)**: Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the [dashboard instructions](/waf/managed-rules/deploy-zone-dashboard/#configure-a-managed-ruleset) on configuring a managed ruleset, or to the [API instructions](/ruleset-engine/managed-rulesets/override-managed-ruleset/) on creating an override.
+
+:::note
+If you contact Cloudflare Support to verify whether a WAF managed rule triggers as expected, [provide a HAR file](/support/troubleshooting/general-troubleshooting/gathering-information-for-troubleshooting-sites/#generate-a-har-file) captured while sending the specific request of concern.
+:::
+
+### Additional recommendations
+
+- If one specific rule causes false positives, disable that specific rule and not the entire ruleset.
+
+- For false positives with the administrator area of your website, add an [exception](/waf/managed-rules/waf-exceptions/) disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:
+
+ `http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")`
+
+## Troubleshoot false negatives
+
+To identify false negatives, review the HTTP logs on your origin server.
+
+To reduce false negatives, use the following checklist:
+
+- Are DNS records that serve HTTP traffic [proxied through Cloudflare](/dns/proxy-status/)?
+ Cloudflare only mitigates requests in proxied traffic.
+
+- Have you deployed any of the [WAF managed rulesets](/waf/managed-rules/#available-managed-rulesets) in your zone?
+ You must [deploy a managed ruleset](/waf/managed-rules/deploy-zone-dashboard/#deploy-a-managed-ruleset) to apply its rules.
+
+- Are Managed Rules being skipped via an [exception](/waf/managed-rules/waf-exceptions/)?
+ Use [Security Events](/waf/analytics/security-events/) to search for requests being skipped. If necessary, adjust the exception expression so that it matches the attack traffic that should have been blocked.
+
+- Have you enabled any necessary managed rules that are not enabled by default?
+ Not all rules of WAF managed rulesets are enabled by default, so you should review individual managed rules.
+ - For example, Cloudflare allows requests with empty user agents by default. To block requests with an empty user agent, enable the rule with ID in the Cloudflare Managed Ruleset.
+ - Another example: If you want to block unmitigated SQL injection (SQLi) attacks, make sure the relevant managed rules tagged with `sqli` are enabled in the Cloudflare Managed Ruleset.
+
+ For instructions, refer to [Configure a managed ruleset](/waf/managed-rules/deploy-zone-dashboard/#configure-a-managed-ruleset).
+
+- Is the attack traffic matching a custom rule [skipping all Managed Rules](/waf/custom-rules/skip/)?
+ If necessary, adjust the custom rule expression so that it does not apply to the attack traffic.
+
+- Is the attack traffic matching an allowed ASN, IP range, or IP address in [IP Access rules](/waf/tools/ip-access-rules/)?
+ Review your IP Access rules and make sure that any allow rules do not match the attack traffic.
+
+- Is the malicious traffic reaching your origin IP addresses directly, therefore bypassing Cloudflare protection?
+ Block all traffic except from [Cloudflare's IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin server.
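Review bot: in the `Are Managed Rules being skipped via an exception?` item, the advice to adjust the exception expression "so that it matches the attack traffic that should have been blocked" reads inverted. An exception skips managed rules for the requests it matches, so for a false negative the expression should be narrowed until it no longer matches the attack traffic. The skip-rule item further down already says this correctly: "so that it does not apply to the attack traffic". Separately, the empty user agent example says "enable the rule with ID in the Cloudflare Managed Ruleset" with no ID visible, although `RuleID` is imported at the top of the file. Confirm the component is actually used in that sentence with the rule's ID, otherwise the instruction is not actionable and the import is unused.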