NGFW Inspection error and blocking the sites

What is the domain name?
The domain names are: address.bg and imoteka.bg

Describe the issue you are having: Hi! These two sites are behind Forcepoint NGFW and behind your Cloudflare WAF, but we have issues with the inspection policies predefined by Forcepoint, and several situations are being hit by the connection from Cloudflare. These are some of them: HTTPS_CS-HTML-in-HTTP-POST and Apache-HTTP-Server-Mod_rpaf-X-Forwarded-For-Denial-Of-Service, and as a result, the sites are going to the blocklist. Can you tell us why the FW assumes the requests from Cloudflare to be potential risks, and how we should fix this, because access to the sites goes down very often? Thanks in advance!

I am afraid that is a question for your firewall vendor.

As a quick search showed :wink:, at least the second rule is documented at Intrusion Prevention | FortiGuard

Either your firewall does not like the proxy headers Cloudflare adds and you need to reconfigure it or these requests were supposed to be blocked.

I’d first clarify if these were legitimate requests, and if they were, check your firewall configuration and make any necessary adjustments so that it does not block requests any more. If there is something unclear about how to configure the firewall, contact your firewall vendor.

Hi! Can you tell us, if you know, how to remove the X-Forward header from Cloudflare, so we can test whether this will fix the problem?

Certain headers can be dropped with request rules, but before you do that, establish if that really is the issue.

Hi! Can you tell us what would be the best way to do this, because we want to test it to be sure this is exactly the problem? We think that removing the X-Forward header from Cloudflare will maybe fix the problem, but we are not sure how exactly to do it effectively. Thanks in advance!

I am afraid the mentioned rules cannot drop the header, but the header generally is not an issue. You had best fix the server configuration, as everything else would not be a very stable implementation.

Thanks! We fixed it from the firewall.
