Handle false positives
If you encounter a false positive caused by a managed rule, do one of the following:
-
Add an exception: Exceptions allow you to skip the execution of WAF managed rulesets or some of their rules for certain requests.
-
Adjust the OWASP managed ruleset: A request blocked by the rule with ID
949110: Inbound Anomaly Score Exceededrefers to the Cloudflare OWASP Core Ruleset. To resolve the issue, configure the OWASP managed ruleset. -
Disable the corresponding managed rule(s): Create an override to disable specific rules. This may avoid false positives, but you will also reduce the overall site security. Refer to the dashboard instructions on configuring a managed ruleset, or to the API instructions on creating an override.
-
If one specific rule causes false positives, disable that specific rule and not the entire ruleset.
-
For false positives with the administrator area of your website, add an exception disabling a managed rule for the admin section of your site resources. You can use an expression similar to the following:
http.host eq "example.com" and starts_with(http.request.uri.path, "/admin")
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark