After JS challenge success, CF sends request as POST even though it's a GET URL

I have been seeing ?__cf_chl_jschl_tk__= attached as a query string to the URL. My understanding is that Cloudflare attaches this after a user passes a challenge — no issue there.

But I don’t understand why some of those requests are sent as POST instead of GET. The URLs they are trying to access are available as GET only. So does CF change the request to POST when a user has completed a challenge, or did the user try to access the URL via POST? There are a few instances of this and I can’t figure out why they are visiting the site as a POST request (besides potentially malicious reasons originating from the user).

So I’d just like to confirm with you that you don’t change the HTTP method after the challenge is completed.

Hi @seeminglee, after the challenge is successfully solved by the user, the original HTTP request that got challenged is sent to your web server. This is different from what you’ll see in the browser’s dev tools, for example, hence the confusion.

@mdemoura Let me explain my issue better. For example, a user would navigate to a URL like this (e.g. browsing on the website):

https://example/path/to/somewhere

As this URL is just a regular link from the browser, it is a GET request under normal circumstances. I have found a few error messages in my logs where the same address is visited via POST:

https://example/path/to/somewhere?__cf_chl_jschl_tk__=aoiuasdkjfhk8asdflkasljaf

And as this endpoint is not defined by GET, the user will see a Method Not Allowed response. I have gotten around it right now by redirecting all POST requests sent to this endpoint to the GET endpoint.

What I am trying to figure out is if Cloudflare will change requests from GET to POST after performing a captcha, or if this is because users are trying to access that URL with POST originally (which would be abnormal).

Because there are quite a lot of these URLs that aren’t designed to handle POST, I thought that I would ask.
