Problem with PHP POST Method and WAF

Hello!

I’m currently developing my website. Like a lot of others, I have a register/login system. Yesterday, one of my friends tested the security of the website’s forms. He filled the database with fake accounts using only a Python script (it fills in the form’s fields and sends them to the database). He created 1200 fake accounts…

So, I just found in Cloudflare’s firewall how to set up a captcha when a form is sent with the “POST” method. Visitors are successfully redirected to the captcha page, but the form isn’t sent. First problem: the user has to fill in the form twice (once before the captcha and once more after it).

Second problem: if the fields aren’t correctly filled in, there are some error messages, set up with PHP variables. Without the firewall rule, the error messages are displayed, but when the rule is enabled, on the first send after the captcha, users are redirected to the same form… but it’s empty… (If the fields aren’t correctly filled in, the error messages aren’t displayed.)

After the captcha, all systems are working. But for the first send, users have to fill in the form twice, and it’s an important problem.

My question is: do you know how I can protect my database/website from this type of spam (with forms and the POST method) without all those problems?

Sorry for my English, I’m a French student.

Thanks to all,

Axel.

Hi, engineer on the Firewall team here.

We’ve recently fixed the issue where the user would have to fill the form twice if they were served a challenge by one of the security features. You can read more about it in my comment here: URL of website.

Can you try again and see if your issue is solved?

Hi!

Finally, I just set up Google’s Captcha. But I think I’ll try this option once again soon for some security tests. Thank you very much for your time and your answer,

Axel.
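
The captcha approach from the last post only stops scripted sign-ups if the token is checked on the server, and the "fill the form twice" problem goes away when the handler returns the submitted values alongside the error messages. The following is an added example, not code from this thread: it assumes "Google's Captcha" means reCAPTCHA, and the field names, validation rules and function names are hypothetical.

```php
<?php
// Added example, not code from the thread; field names are hypothetical. Assumes
// reCAPTCHA: the widget posts a token in "g-recaptcha-response" for siteverify.
function verify_recaptcha(string $token, string $secret, string $ip): bool
{
    if ($token === '') {
        return false; // scripted POSTs that skip the widget carry no token
    }
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['secret' => $secret, 'response' => $token, 'remoteip' => $ip]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $res = $raw === false ? null : json_decode($raw, true);
    return is_array($res) && ($res['success'] ?? false) === true; // fail closed
}

// Validate one registration POST; $captchaOk is injected so this runs offline.
function handle_registration(array $post, callable $captchaOk): array
{
    $old = [ // values to put back into the form; the password is never echoed
        'username' => trim((string)($post['username'] ?? '')),
        'email'    => trim((string)($post['email'] ?? '')),
    ];
    $errors = [];
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $old['username'])) {
        $errors['username'] = 'Username must be 3-20 letters, digits or underscores.';
    }
    if (filter_var($old['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    if (strlen((string)($post['password'] ?? '')) < 10) {
        $errors['password'] = 'Password must be at least 10 characters.';
    }
    // Only spend a verification request on a form that is otherwise valid.
    if ($errors === [] && !$captchaOk()) {
        $errors['captcha'] = 'Captcha check failed, please try again.';
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'old' => $old];
}

// Constructed sample: a scripted POST with valid fields but no solved captcha.
$result = handle_registration(
    ['username' => 'axel_test', 'email' => 'axel@example.com', 'password' => 'correct horse battery'],
    fn () => false
);
var_dump($result['ok'], $result['errors'], $result['old']);
```

On the live page the injected check would be `fn () => verify_recaptcha($_POST['g-recaptcha-response'] ?? '', $secret, $_SERVER['REMOTE_ADDR'])`, and no account row is inserted unless `ok` is true. Pass the `old` values through `htmlspecialchars()` before writing them into the form's `value` attributes.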