Clouflare firewall update blocks php file uploads

We have a CMS that allows uploads of filetypes: .php .html, .css, .js
Since a few days with the latest update of Cloudflare this option is
blocked by Cloudflare.

We saw from Security->Events that the error is
relevant to Rule group: Cloudflare Specials

When we disable:Cloudflare Specials its working normally like before.

Could you resolve somehow this specific problem and leave the other
protections of Cloudflare Specials still active?

Below is the error taken from the Security-> Events

May 9, 2023 5:02:56 PM
Managed rules (previous version)
Matched service
Export event JSON

Managed rules (previous version)
Action taken

Rule ID
Rule message
PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File
Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132
Rule group
Cloudflare Specials


Please see this reply to a similar topic where a WAF Exception is created for a specific rule, and adapt it to your relevant path elements.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.