Discussion in 'Server Configuration and Hosting' started by RoldanLT, Jan 27, 2015.
Does someone enable this on your XenForo based forum?
Any reviews and experience?
I have tried that but on vb, not xf .. yet.
So far it doesn't block legit request?
When i let it run for +- 1 week, there is no "hit" on each rule in WAF.
So it seems no "malicious" request had been received by the WAF
And i turned it off now.
I've had around 2000 hits, mostly from OWASP XSS Attacks rules. Running on low sensitivity.
I'm running HIGH Sensitivity now
Getting lots of hits to admin.php lately and CF is blocking them like a boss.
Btw Roldan, do you have HSTS enabled?
I have mine disabled.
Cause I offer HTTP/HTTPS as an option to my users.
Separate names with a comma.