Confusing Security Error "attack-surface-report"

I was working across 2 domains making some quick updates in the web interface and I got 2 rapid sequential API errors when changing from one page to another. The messaging itself raised concern, since I have automation and application API integrations that run and I don’t interact with regularly. In checking my systems and logs, there was no reason I could see - and importantly - no outside calls to the API in the applicable time window that I found.

And so, it begs the questions: I got these API errors and are they just from using the web interface? If so, what happened? My changes seemed to go through, as far as I know. I got prompted for a CAPTCHA soon after … was there something odd about my web interaction that I should be concerned with? Ultimately was this just an asynchronous web glitch or something of real concern with my desktop, services or something else…!?

Ulitmately, the error is unhelpful and sub par and (perhaps unecessarily) causes concern. It tells me there was a spoof check denial-based failure of a form I had posted, essentially. Maybe. But again, I was not making any form change at the time - and all changes appeared to have executed earlier without an issue.

If cloudflare web requests are being queued, thats fine. Great actually. But … cloudflare web based errors need to be more helpful in order to afford someone like me the chance to investigate properly - and not waste my time.


API Request Failed: POST /api/v4/accounts/[account id]/intel/attack-surface-report/checkers/spf_check (403)

If anyone can shed any light on this - or confirm my suspicion that its just bad error messaging and nothing to be concerned with - I would appreciate it.

I believe this is related to below topic:

Interesting… yes, perhaps there was an internal cloudflare communication (web request queue) problem in the past - and what I saw today was similar…

my points remain relevant.

ty @fritex

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.