1020 on page that sends an SMTP email

Hi, I have an mobile app facing endpoint, ReportItem.aspx, under my cloudflare protected site that is getting a 1020 because of an anomaly score.

The page is a report incident form which submits (action is the same page) and compiles images and personal information (name, email) and sends it via SMTP, port 587, as an email to our mailing server. The page always loads but it will not submit without the 1020.

We have reduced the score threshold to 60 and have also been modifying the OWASP filtering. Additionally, we have put a firewall rule simply to Allow this endpoint, but we are still recieving the error.

At one point, the form could be submitted from an Android device but not an iPhone. And as of today, neither device can get past the 1020. In the past, we were sending a Bearer token in the Authorization, but we have removed that.

Thank you for any insights or assistance.

May I ask what do you see in the Firewall Events tab at Cloudflare dashboard?
Which “rule id” does it say? Firewall Rule, or Managed WAF, score, or some other?
You can find the event from screenshot by the Ray ID value.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.