Redirect is blocking

Website, Application, Performance Security
1

Hi

I created a new landing page (HOME) that redirect to another page/ip (pro.yyy.com) PRO and fill url with the lead/user email.

PRO/?subscriber_data=%2C%22email%22%3A%22john%40gmail.com&callback=?

But, when PRO page open, Cloudflare block ( Sorry, you have been blocked). How can I fix this? I realy need to keep Cloudflare protecting my PRO page and I really need to send the lead email by URL.

HOME - Cloudflare Gray Cloud
PRO - Cloudflare Orange Cloud

Rule(s) Triggered

ID Description Group
981176 Inbound Anomaly Score Exceeded (Total Score: 38, SQLi=4, XSS=15): Last Matched Message: IE XSS Filters - Attack Detected. OWASP Inbound Blocking [Filter]
960024 Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters OWASP Generic Attacks [Filter]
973332 IE XSS Filters - Attack Detected. OWASP XSS Attacks [Filter]
973333 IE XSS Filters - Attack Detected. OWASP XSS Attacks [Filter]
973344 IE XSS Filters - Attack Detected. OWASP XSS Attacks [Filter]
2

You are trigger the Firewall event for some reason, I guess the url triggers some of the rules.

To fix this best I guess most likely support is your best option, since they know better why those rules are triggered. Unless maybe someone has seen and solved this in the past.

Login to Cloudflare and then contact Cloudflare Support using the “Get More Help” button.

3

So log shows that you redirect is being blocked because of XSS and the url that is being used looks like something that would be used in XSS attack.
You could disable the OWASP XSS filters and it would no longer trigger.
In general having the the data appear the url is a bad idea because it can lead to XSS attacks.

2 Likes
4

This topic was automatically closed after 30 days. New replies are no longer allowed.