Sanity Check Service

While security testing our application, we’ve temporarily added a bypass for WAF rules from select IP’s.

Most requests that were being blocked are now going through as we expected, but a few are still being rejected by the “Sanity Check Service”.

What is this Service?

It appears to at least partially protect against XSS, as we’ve seen 418’s with this error code returning from Cloudflare instead of 403’s.

Can it be Bypassed temporarily like the WAF can?

I’ve never seen a Sanity Check Service. Can you post a screenshot of that?

It shows up on the typical Firewall traffic analysis for a specific IP.
I noticed “Sanity Check” service as the only remaining blocked traffic after Bypassing the WAF for the testing IP.

The traffic blocked is a rounding error on our application endpoint. Out of 1 million requests fewer than 1000 were Blocked by Sanity Check Service.

Almost 500k were allowed outright
Almost 500k were bypass on WAF rule rejections

The attempted payload was a bunch of typical exploits, XSS etc

Looks like we got an official ruling from support that:
“As I mentioned Sanity Check cannot be disabled at this time, unfortunately.”

This topic was automatically closed after 14 days. New replies are no longer allowed.