Clouflare firewall update blocks php file uploads

manager1 · May 9, 2023, 3:53pm

We have a CMS that allows uploads of filetypes: .php .html, .css, .js
Since a few days with the latest update of Cloudflare this option is
blocked by Cloudflare.

We saw from Security->Events that the error is
relevant to Rule group: Cloudflare Specials

When we disable:Cloudflare Specials its working normally like before.

Could you resolve somehow this specific problem and leave the other
protections of Cloudflare Specials still active?

Below is the error taken from the Security-> Events

May 9, 2023 5:02:56 PM
Block
Greece
79.167.245.234
Managed rules (previous version)
Matched service
Export event JSON

Service
Managed rules (previous version)
Action taken
Block

Rule ID
100026
Rule message
PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File
Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132
Rule group
Cloudflare Specials

cbrandt · May 9, 2023, 9:57pm

Hi,

Please see this reply to a similar topic where a WAF Exception is created for a specific rule, and adapt it to your relevant path elements.

system · May 28, 2023, 2:01pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Clouflare firewall update blocks php file uploads

Rule ID 100026 Rule message PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132 Rule group Cloudflare Specials

Rule ID
100026
Rule message
PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File
Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132
Rule group
Cloudflare Specials