Bypass leaked credentials scan
Is it possible to bypass the leaked credentials scan entirely? Ever since this was added I'm seeing increased response times from my API and a ton of warnings in the WAF action logs. In one case it detected leaked credentials in a .mp3 file? I'd like to disable this scan completely if possible.
7 Replies
I have not enabled anything myself or created any firewall rules for this service. It seems to be enabled by default.
should be the first option
you also need to check if you have any custom rules in your WAF that block leaked credentials
Is this a premium option only? I don’t have this toggle.
I’m on the free plan and the first option for me is Security level
if it's not available then I'm afraid yes. I don't have a free zone available for me to check, and the cloudflare docs are unfortunately being vague about it
I think it is the case that the leaked creds rule is enabled as part of the “free managed ruleset” but the toggle is hidden behind the premium plan. Thank you for your help!