Getting a 403 error on POST request

We have an Angular application that makes POST requests to our backend APIs, and the application is protected with Cloudflare firewall and OWASP. Sometimes, when a user submits a form, it gives a 403 error with Cloudflare’s captcha page returned in the response body. We know that this can be fixed by setting firewall rules, but it’s not an option since it’s prohibited by our company policy.

Is there any way to send POST requests without having to complete the captcha? Can we get around this by manually setting a cf_clearance cookie in the client browser?

Which Cloudflare Security service actually triggers the Captcha? Firewall Rules? Managed WAF? Bot Fight Mode?

Managed WAF

How about configuring the firewall rule to specifically match the destination URL of the form submission, request method and the referrer?

Also, it would be great if you can implement ReCAPTCHA v3 directly into your forms - with v3, users do not need to actually solve the captcha and Google will analyze the user behavior automatically.

Is there any alternative solution? At the moment, we’re unable to configure the firewall as I’ve mentioned in my 1st post.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.