[Support Feedback] Add false positive remediation guide and domain categorization (WAF)#28993
Open
dmmulroy wants to merge 3 commits intocloudflare:productionfrom
Open
[Support Feedback] Add false positive remediation guide and domain categorization (WAF)#28993dmmulroy wants to merge 3 commits intocloudflare:productionfrom
dmmulroy wants to merge 3 commits intocloudflare:productionfrom
Conversation
dmmulroy
requested review from
a team,
andre-j3sus and
pedrosousa
as code owners
dmmulroy
force-pushed
the
support-macros/waf
branch
from
7caeb18 to
bfaf883
Compare
zeinjaber
reviewed
Mar 17, 2026
src/content/docs/radar/glossary.mdx
Outdated
| In some cases, a domain may be miscategorized. For example, a social media site might be categorized as "Shopping & Auctions". If you believe a domain is miscategorized, or a domain has not yet been categorized, you can request a change through any of the following methods: | ||
|
|
||
| - **Radar**: Select **Domain Categorization Feedback** on the [Radar domain feedback page](https://radar.cloudflare.com/domains/feedback). | ||
| - **Security Center**: In the Cloudflare dashboard, go to **Security Center** > **Investigate**, search for the domain, then select **Request to change categorization**. For detailed steps, refer to [Change categorization](/security-center/investigate/change-categorization/). |
Contributor
There was a problem hiding this comment.
@dmmulroy
go to **Security Center** > **Investigate** is outdated.
Correct one: go to **Application Security** > **Investigate**
| Before taking action, identify which rule blocked the request: | ||
|
|
||
| - **Disable the corresponding managed rule(s)**: Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the [dashboard instructions](/waf/managed-rules/deploy-zone-dashboard/#configure-a-managed-ruleset) on configuring a managed ruleset, or to the [API instructions](/ruleset-engine/managed-rulesets/override-managed-ruleset/) on creating an override. | ||
| 1. Go to **Security** > **Events** in the Cloudflare dashboard. |
Contributor
There was a problem hiding this comment.
@dmmulroy
change to: Security > Analytics > Events
|
|
||
| - **Disable the corresponding managed rule(s)**: Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the [dashboard instructions](/waf/managed-rules/deploy-zone-dashboard/#configure-a-managed-ruleset) on configuring a managed ruleset, or to the [API instructions](/ruleset-engine/managed-rulesets/override-managed-ruleset/) on creating an override. | ||
| 1. Go to **Security** > **Events** in the Cloudflare dashboard. | ||
| 2. Filter by the request details (IP address, URI path, timestamp) to find the blocked event. |
Contributor
There was a problem hiding this comment.
Filter by the request details (IP address, URI path, timestamp or Ray ID) to find the blocked event.
| ### Recommended remediation steps | ||
|
|
||
| Follow this decision tree based on the rule that triggered the false positive: | ||
|
|
Contributor
There was a problem hiding this comment.
@dmmulroy
Also, worth mentioning https://developers.cloudflare.com/waf/managed-rules/payload-logging/configure/ to inspect payload and confirm if traffic is FP or not.
…tion from support macro audit SPM-3037
…egacy WAF overrides
- Update 'Security Center > Investigate' to 'Application Security > Investigate' in radar glossary - Fix nav path to 'Security > Analytics > Events' in WAF troubleshooting - Add Ray ID to event filter criteria - Add payload logging reference for confirming false positives
dmmulroy
force-pushed
the
support-macros/waf
branch
from
e95e235 to
0ca1b3c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds WAF troubleshooting guidance for the two most common WAF-related support topics, based on an audit of active support macros.
Changes
Context
These changes are driven by recurring support cases. If you want to see the underlying support data (macro frequency, case volume by topic), reach out to @dmmulroy internally.