No it’s a blog post on the main site we are trying to embed into a page on the LMS which is on another server. The main site is of course on CF not sure about the LMS. It’s Learnworlds.
So before you can create a rule to allow, you need to understand what exactly is blocking it first.
Run Trace on your affected URL to output all the rules that are matching on your request. This should help you narrow down what is causing this issue and if it is a managed rule or a custom setting in your account.
Search Security Events for recent requests to that URL. This should output the exact rule(s) (managed or custom) that caused this. Once you know the exact rule(s), you can either disable or skip.
Finally, if you are trying to use iframe in order to embed the content, you need to make sure CORS headers returned with a blog post allow that.