Long JSON Request Containing Escaped HTML Gives 403 Forbidden

I need a clarity about Cloudflare Security Measurements

I’m currently building a notification service that the task is to send emails, send sms, send push notification, whatsapp, etc.

but my problem lays when I try to implement API for sending emails. if i send an escaped HTML in the JSON, I sometimes receiving 403 Forbidden with the HTML like shown on the picture. I already done several things to make a workaround for this issue but found an interesting findings.

  • Long HTML (> 5KB) : 403 Forbidden
  • Short HTML (< 1KB) : 200 OK
  • Long Base64 (> 5KB) : 200 OK
  • Short Base64 (< 1KB) : 200 OK
  • Long Plain Text (> 5KB) : 200 OK
  • Short Plain Text (< 1KB) : 200 OK

it seems only long html that gives me 403 forbidden, is there any security measurements that I trigger, regarding this matters?

This looks like your requests are getting filtered as bot activity. There really isn’t much you can do if the host is not yours.


Heres are the response from Cloudflare

thank you for the reply,

can you share some reference regarding this? so I can look into it further :smiley: