128 changes: 128 additions & 0 deletions src/content/docs/waf/managed-rules/troubleshooting.mdx
Expand Up @@ -80,3 +80,131 @@ If WAF's managed rulesets do not detect a specific attack pattern after verifyin
- Use [WAF attack score](/waf/detections/attack-score/) to complement signature-based managed rules with machine-learning detection. Attack score classifies each request with a score indicating the likelihood it is malicious, even when no managed rule matches.

- Create a [custom rule](/waf/custom-rules/) to block the specific attack pattern. Use fields such as URI path, query string, or HTTP request headers to match the malicious requests.

## Troubleshoot invalid managed rule override

When you try to save changes to a managed ruleset in the Cloudflare dashboard, you may encounter an error if one of your overrides references a rule that no longer exists.

### Symptoms

When you select **Save** after changing the action of a managed rule, the dashboard displays an error similar to the following:
<rule_id> is not a valid value for id because it does not exist in ruleset <ruleset_id>

You may also notice that one of your overrides shows empty or missing rule information.

### Cause

Managed rulesets are maintained by Cloudflare and updated over time. If a rule you previously overrode is removed from the managed ruleset, your configuration may still contain a reference to that rule ID. This invalid reference blocks any new changes to the ruleset until it is removed.

### Resolution

Remove the invalid override using one of the following methods.

### Dashboard

Removing the managed ruleset deployment rule clears all overrides and allows you to re-deploy in a clean state.

<Tabs syncKey="dashNewNav"> <TabItem label="New dashboard" icon="rocket">

<Steps>

1. In the Cloudflare dashboard, go to the **Security rules** page.

<DashButton url="/?to=/:account/:zone/security/security-rules" />

2. (Optional) Filter by **Managed rules**.
3. Search for the managed ruleset you want to configure.
4. Next to the managed ruleset deployment rule you want to delete, select the three dots > **Delete** and confirm the operation.

</Steps>

</TabItem> <TabItem label="Old dashboard">

<Steps>

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
2. Go to **Security** > **WAF** > **Managed rules** tab.
3. Next to the managed ruleset deployment rule you want to delete, select the three dots > **Delete** and confirm the operation.

</Steps>

</TabItem> </Tabs>


### API

Use the [Rulesets API](/ruleset-engine/rulesets-api/) to remove only the invalid override while preserving the rest of your configuration.

1. <Render file="rulesets/api-zone/step1-get-entrypoint" product="waf" params={{ phaseName: "http_request_firewall_managed" }} />

<APIRequest path="/zones/{zone_id}/rulesets/phases/{ruleset_phase}/entrypoint" method="GET" parameters={{ ruleset_phase: "http_request_firewall_managed" }} roles={false} />

```json output {4,5}
{
"result": {
"id": "<RULESET_ID>",
"rules": [
{
"id": "<EXECUTE_RULE_ID>",
"action": "execute",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>",
"matched_data": {
"public_key": "..."
},
"overrides": {
"rules": [
{
"id": "<VALID_RULE_ID>",
"enabled": true
},
{
"id": "<INVALID_RULE_ID>",
"enabled": true
}
]
},
"version": "latest"
},
"expression": "true"
}
]
}
}
```

2. Take note of the following values from the response:
- Ruleset ID (result.id)
- Execute rule ID (result.rules[].id where action is "execute")
- Invalid rule ID (the invalid rule ID inside action_parameters.overrides.rules[])

3. Copy the entire execute rule object from the Step 1 response, then remove only the override object containing the invalid rule ID.

4. Send a PATCH request with the full rule payload.

<APIRequest path="/zones/{zone_id}/rulesets/{ruleset_id}/rules/{rule_id}" method="PATCH" parameters={{ ruleset_id: "<RULESET_ID>", rule_id: "<RULE_ID>" }} roles={false} />

Copy your complete `action_parameters` object from the Step 1 response into the JSON body below. Do not remove other existing fields such as `matched_data`, `categories`, or `version`. Remove only the override object that references the invalid rule ID.

```bash
curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules/{rule_id}" \
--request PATCH \
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
--json '{
"action": "execute",
"expression": "true",
"action_parameters": {
"id": "<MANAGED_RULESET_ID>",
...
"overrides": {
"rules": [
...
]
}
}
}'
```

:::note
The `...` placeholders indicate where you must paste your existing fields from Step 1. Replace the first `...` with your complete existing fields (such as `matched_data`, `version`, etc.). Replace the second `...` with your valid overrides from Step 1, excluding the invalid rule.
:::
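
Review bot: The Dashboard method under "### Dashboard" ends at **Delete** in both tabs. Deleting the deployment rule leaves the managed ruleset undeployed on the zone until someone re-deploys it, and it discards every valid override along with the invalid one, yet no step covers either consequence. Suggest adding a first step to record the current overrides, a final step that links to the deploy procedure, and a sentence pointing readers to the API method when they need to keep their overrides or cannot accept a gap in coverage. Smaller points in the same hunk: the `json output {4,5}` highlight lands on `"rules": [` and the opening brace rather than on the three values step 2 asks the reader to note (lines 3, 6 and 20 of the sample); the PATCH `APIRequest` uses `rule_id: "<RULE_ID>"` while the sample response and step 2 call the same value `<EXECUTE_RULE_ID>`; "### Dashboard" and "### API" sit at the same heading level as "### Resolution", although they are methods under it; and the error text under "### Symptoms" appears without a code fence, so `<rule_id>` and `<ruleset_id>` would be parsed as JSX tags in an `.mdx` file.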