Cloudflare blocking uploads with some file extensions

Hi everyone,
I have app.name.com DNS using the Cloudflare proxy, but it's blocking some file extensions like .pdf, .doc and .docx (it works well with a .txt file) when I am trying to upload files from this endpoint address: https://app.name.com/api/v1/file/upload. It returns a 403 response. What should I do?

May I ask if you’re uploading via an API request to that particular endpoint, like via some terminal or curl, or rather manually via some kind of a dashboard/interface in your Web browser when you open it?

Regarding the 403 error you’re experiencing, may I ask what kind of troubleshooting steps you have tried so far from the article below?

You could determine if the 403 is caused by Cloudflare by using the “Pause” option as follows:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure the site is working as expected with HTTPS.

Furthermore, I wonder if any of the Cloudflare security & protection settings like Bot Fight Mode or Browser Integrity Check challenged or blocked the request.
If yes, navigate to the Cloudflare dashboard → Security → Overview and look up the Firewall events for the past 24 hours or so. Once you find them, click on a particular one to find more details about it (user-agent, IP, HTTP version …).

On my site users can upload files via a dashboard/interface, but this request is sent to the https://app.name.com/api/v1/file/upload API endpoint as a POST. When I paused Cloudflare it works fine, so I can surely say Cloudflare is blocking these requests. Also, I checked Security > Overview and I saw that the blocked actions come from this API endpoint.

From Security > WAF > Managed Rules I disabled “Cloudflare OWASP Core Ruleset” and I can upload files now, but I don’t want to turn off all of those rules. I tried to turn off these rules about POST and files, but it is still blocking files:

920440: URL file extension is restricted by polic
920180: POST without Content-Length or Transfer-En
920202: Range: Too many fields for pdf request (6 or
913120: Found request filename/argument associate
920500: Attempt to access a backup or working file
921190: HTTP Splitting (CR/LF in request filename dete
930120: OS File Access Attempt
930130: Restricted File Access Attempt
931100: Possible Remote File Inclusion (RFI) Attack: UR
931110: Possible Remote File Inclusion (RFI) Attack: C
931120: Possible Remote File Inclusion (RFI) Attack: UR
942320: Detects MySQL and PostgreSQL stored proce
942280: Detects Postgres pg_sleep injection, waitfor
920490: Request header x-up-devcap-post-charset de
920180: POST without Content-Length or Transfer-Enco

As a temporary solution I switched the OWASP action from block to log in the Cloudflare OWASP Core Ruleset, so right now I can see why the WAF is blocking files.
