You are reading a single comment by @hippy and its replies. Click here to read the full conversation.
  • @Velocio someone is asking me why Cloudflare is blocking a URL.

    Seems the URL in question includes encoded commas, ie. %2c and Cloudflare is blocking it because it's a potential inject attempt. "Restricted SQL Character Anomaly Detection Alert"

    I've never used Cloudflare but I presume there is some way to exclude the URL from detection or detune the blocking so the URL(s) in question will pass?

    Know anything about this kind of thing?

  • On LFGSS?

    This is the SQL injection WAF rule by the sound of it.

    Is this on one of your site's in which you have access to the Cloudflare dashboard? If so the firewall events can be viewed on the traffic tab and it will give the reason.

    I've disabled that WAF rule on here, which is safe to do it you know your web application isn't vulnerable to SQL injection.

About

Avatar for hippy @hippy started