App can no longer upload files through cloudflare


#1

Hello,

I have my website going through cloud flare, and its working great!

However I have a Android Java app that uploads images to the same website using https connection using java code.

My code works when i disable cloudflare, but gets a “forbidden” error with cloudflare is enabled.

My website is on amazon ec2, and i have the security group enabled to only accept connections from these IP/port https://www.cloudflare.com/ips/ only

My android code is uploading using my sites domain which now goes through cloudflare, downloads to the app work, but uploading images from app to server dont.

Anybody have any idea what could cause this, or how to fix it?Maybe cloudflare blocks uploads to prevent hacking?

Thanks much!


#2

Have you checked the Firewall Events log in Cloudflare? It’s in the bottom of the Firewall section of your Cloudflare settings.


#3

Hello sdayman,

Thanks for the suggestion, i looked and there are some “blocking” events shown there, cloudflare thinks is a php injection attack or sql injection attack, but its just me trying to get through.

The rules that caused the blocking was a WAF rule triggered,and match triggered.

I have a specific php file im calling, is there a way to set a rule to allow me to call that specific php file that i use to upload images to my server, while still blocking hackers from using that same rule?

Thanks


#4

You can create a Page Rule that matches example.com/path/to/specific.php and add a setting to set Web Application Firewall to off. At least that’s what I had to do for one of my sites. A Page Rule to Bypass Security would be a more aggressive/risky approach.


#5

Thanks for the info, but if someone wants to hack my site, can they do sql and php injection by faking access to that file php file since the rule will stop cloudflare from taking any action if that file is the thing being accessed?

Thanks


#6

You will lose some protection for that specific.php script. Ideally, your script would be secure against hacking on its own. Cloudflare is just helping out by plugging holes.

On the Page Rules page, there should be a blue button to Create Page Rule. Unless you’ve used up all your Page Rules. As soon as you click that, a window will open to type in your php URL and then a link to +Add a Setting. Ah…free plan doesn’t have the WAF option. Then go with Bypass Security. Or you can try “Security Level” and set it lower. I’d experiment with both.


#7

This topic was automatically closed after 14 days. New replies are no longer allowed.