umbraco / Umbraco.Cloud.Issues

Public issue tracker for Umbraco Cloud

Umbraco custom cloud flare rules #767

Closed Rhan112 closed 2 months ago

Rhan112 commented 4 months ago

Issue description

Could you please make custom rules available, specifically the skip WAF features and security checks for requests with given Source IPs. this is needed to fix the scan interference issue

mclausen commented 2 months ago

Hi @Rhan112,

Thank you for submitting 😃

Could you tell us more about the “scan interference issue” and why disabling WAF and security checks is problematic?

Kind regards, @mclausen

Rhan112 commented 2 months ago

Hi @mclausen, in the company I work for we run monthly scans against our websites (hosted through Umbraco). The tool we use to run the scans is called AppCheck. One of the results we see from the scan is "Scan interface - 403 Forbidden Issue". This error prevents us from seeing any other risks within the websites. I reached out to Umbraco about this and they mentioned they were able to put in a temporary custom rule, which is the "skip WAF features and security checks for requests with given Source IPs." This managed to fix the issue we had. However, as it was a temporary solution, the error popped up again after 30 days. Therefore I am requesting to make this rule available.

Thanks, Rhan

mclausen commented 2 months ago

Alright, thank you for elaborating :).

I might be a bit off here, but it sounds like "Scan interface - 403 Forbidden Issue" is very unique to AppCheck and that context.

I am not familiar with AppCheck, and I am unsure how it works, so I am assuming that the service just pings the website regularly, is this correct?

As I recall we are not actively blocking anything from Cloudflare directly unless Cloudflare believes it's a DDOS attack, so I am also curious about other request+response details that you can provide, URLs, headers, etc., to help figure out the right solution.

Rhan112 commented 2 months ago

My understanding is that we provide them with the domain names of our website and they scan it by crawling through the websites searching for vulnerabilities.

The specific details of the error are "This scan has experienced interference Allowing-AppCheck-Access-to-Your-Network-or-Applications) from either a WAF or IDS system, and will have an impact on the quality of the results found". I have attached the JSON file that I passed over to Umbraco support, hope this helps.

7c444215fc464367.json

mclausen commented 2 months ago

Hi @Rhan112,

I've got the full picture now.

From your experience, the rule being disabled after 30 days is likely due to our limited capacity for custom WAF rules, which are also manually maintained. It appears that your rule was rolled back during a general deployment to Cloudflare.

Currently, this isn't a feature we officially support. However, I believe it's a valid feature to consider for general availability.

We'll need to investigate our options internally before we can commit to this feature, and we'll get back to you with an update. In the meantime, I will move this issue to discussions.

Best regards, @mclausen