Salesforce Service Cloud requests getting blocked

We’re using the Salesforce Service Cloud for our company’s help center and some of its internal requests are blocked. I can’t expose the actual domain, so I’ll substitute it with An example request looks like this:

When the URL is decoded, it becomes obvious that there’s JSON in it:{"mode"%3A"PROD"%2C"app"%3A"c%3ASurveyAuraHandler"%2C"fwuid"%3A"QPQi8lbYE8YujG6og6Dqgw"%2C"loaded"%3A{"APPLICATION%40markup%3A%2F%2Fc%3ASurveyAuraHandler"%3A"WtLTMPrWrsQ-v-iD3BMArA"}%2C"apce"%3A1%2C"apck"%3A"IWwO2xsruDz6PdeL9BJ0YA"%2C"mlr"%3A1%2C"pathPrefix"%3A""%2C"dns"%3A"c"%2C"ls"%3A1%2C"lrmc"%3A"533941497"}/bootstrap.js?ltngOut=true

Cloudflare blocks those requests, which results in HTTP 403 response codes and the Salesforce app breaks. My guess is that Cloudflare flags the URL, since having JSON in it is indeed shady.

I’ve added a “Disable Security” page rule for path* and the URLs are no longer flagged, but completely disabling the security features by Cloudflare sounds like a bad idea. Are there other solutions? What would be the best thing to do here?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.