Long JSON Request Containing Escaped HTML Gives 403 Forbidden

I need a clarity about Cloudflare Security Measurements

I’m currently building a notification service that the task is to send emails, send sms, send push notification, whatsapp, etc.

but my problem lays when I try to implement API for sending emails. if i send an escaped HTML in the JSON, I sometimes receiving 403 Forbidden with the HTML like shown on the picture. I already done several things to make a workaround for this issue but found an interesting findings.

  • Long HTML (> 5KB) : 403 Forbidden
  • Short HTML (< 1KB) : 200 OK
  • Long Base64 (> 5KB) : 200 OK
  • Short Base64 (< 1KB) : 200 OK
  • Long Plain Text (> 5KB) : 200 OK
  • Short Plain Text (< 1KB) : 200 OK

it seems only long html that gives me 403 forbidden, is there any security measurements that I trigger, regarding this matters?

This looks like your requests are getting filtered as bot activity. There really isn’t much you can do if the host is not yours.

edit:

Heres are the response from Cloudflare

thank you for the reply,

can you share some reference regarding this? so I can look into it further :smiley: