The DNS for app.name.com is using the Cloudflare proxy, but it’s blocking some file extensions like .pdf, .doc, .docx (it works well with .txt files) when I am trying to upload files from this endpoint address
https://app.name.com/api/v1/file/upload. It returns a 403 response. What should I do?
May I ask if you’re uploading via an API request to that particular endpoint, like via some terminal or like
curl, or rather manually via some kind of a dashboard/interface in your Web browser when you open it?
Regarding the 403 error you’re experiencing, may I ask what kind of troubleshooting steps you have tried so far from the article below?
You could determine if the 403 is caused by Cloudflare by using the “Pause” option as follows:
- Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
- The link is in the lower right corner of that page.
- Give it five minutes to take effect, then make sure the site is working as expected with HTTPS.
Furthermore, I wonder if any of the Cloudflare security & protection settings like Bot Fight Mode or Browser Integrity Check challenged or blocked the request?
If yes, navigate to the Cloudflare dashboard → Security → Overview and look up Firewall events for the past 24 hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).
On my site, users can upload files via the dashboard/interface, but this request is sent to the
https://app.name.com/api/v1/file/upload API endpoint as a POST. When I paused Cloudflare it works fine, so I can surely say Cloudflare is blocking these requests. Also, I checked Security > Overview and I saw that the blocked actions come from this API endpoint.
From Security > WAF > Managed Rules
I disabled the “Cloudflare OWASP Core Ruleset” and I can upload files now, but I don’t want to turn off all of those rules. I tried turning off these rules about POST and files, but it is still blocking files:
920440: URL file extension is restricted by polic
920180: POST without Content-Length or Transfer-En
920202: Range: Too many fields for pdf request (6 or
913120: Found request filename/argument associate
920500: Attempt to access a backup or working file
921190: HTTP Splitting (CR/LF in request filename dete
930120: OS File Access Attempt
930130: Restricted File Access Attempt
931100: Possible Remote File Inclusion (RFI) Attack: UR
931110: Possible Remote File Inclusion (RFI) Attack: C
931120: Possible Remote File Inclusion (RFI) Attack: UR
942320: Detects MySQL and PostgreSQL stored proce
942280: Detects Postgres pg_sleep injection, waitfor
920490: Request header x-up-devcap-post-charset de
920180: POST without Content-Length or Transfer-Enco