SOAP requests getting 403 Forbidden Messages

Our customers are reporting transient 403 Forbidden behavior with our SOAP UI, where a client/user will make SOAP UI calls with our standard SOAP Envelope. A customer will disable that user on our platform, and then enable that user for a few hours or a day and then be able to make the same SOAP calls, but after a few hours will get blocked. I’ve looked through Cloudflare Specials and did not find any rules in there related to SOAP or XML. Our WAF is set to medium and simulate.

The message they’re receiving is:

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

Here is an example of the SOAP call that is being made with some redactions to protect customer privacy:

<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Body>

  <ns6:PostLoads xmlns:ns6="http://soap_ui.ourwebsite.com/vXXXX" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:ns2="http://schemas.datacontract.org/2004/07/Truckstop2.Objects" xmlns:ns3="http://schemas.datacontract.org/2004/07/WebServices" xmlns:ns4="http://schemas.datacontract.org/2004/07/WebServices.Objects" xmlns:ns5="http://schemas.datacontract.org/2004/07/WebServices.Posting" xmlns:ns7="http://schemas.microsoft.com/2003/10/Serialization/">

     <ns6:loads>

        <ns3:IntegrationId>IntNumberxxx</ns3:IntegrationId>

        <ns3:Password>xxxxxxx</ns3:Password>

        <ns3:UserName>xxxxxxx</ns3:UserName>

        <ns5:FullImport>false</ns5:FullImport>

        <ns5:Loads>

           <ns4:Load>

              <ns4:DeliveryDate>2020-02-27T00:00:00</ns4:DeliveryDate>

              <ns4:DestinationCity>HOUSTON</ns4:DestinationCity>

              <ns4:DestinationCountry>USA</ns4:DestinationCountry>

              <ns4:DestinationState>TX</ns4:DestinationState>

              <ns4:EquipmentOptions />

              <ns4:IsFavorite>false</ns4:IsFavorite>

              <ns4:IsLoadFull>true</ns4:IsLoadFull>

              <ns4:Length>48</ns4:Length>

              <ns4:LoadId>0</ns4:LoadId>

              <ns4:LoadNumber>30761947</ns4:LoadNumber>

              <ns4:OriginCity>LIVINGSTON</ns4:OriginCity>

              <ns4:OriginCountry>USA</ns4:OriginCountry>

              <ns4:OriginState>MT</ns4:OriginState>

              <ns4:PickUpDate>2020-02-24T00:00:00</ns4:PickUpDate>

              <ns4:Quantity>1</ns4:Quantity>

              <ns4:SpecInfo>x182; John Doe 6' or 8'tarp</ns4:SpecInfo>

              <ns4:TypeOfEquipment>F</ns4:TypeOfEquipment>

              <ns4:Weight>48000</ns4:Weight>

              <ns4:Width>0</ns4:Width>

           </ns4:Load>

           <ns4:Load>

              <ns4:DeliveryDate>2020-02-26T00:00:00</ns4:DeliveryDate>

              <ns4:DestinationCity>LAREDO</ns4:DestinationCity>

              <ns4:DestinationCountry>USA</ns4:DestinationCountry>

              <ns4:DestinationState>TX</ns4:DestinationState>

              <ns4:EquipmentOptions />

              <ns4:IsFavorite>false</ns4:IsFavorite>

              <ns4:IsLoadFull>true</ns4:IsLoadFull>

              <ns4:Length>48</ns4:Length>

              <ns4:LoadId>0</ns4:LoadId>

              <ns4:LoadNumber>30761993</ns4:LoadNumber>

              <ns4:OriginCity>COLUMBIA</ns4:OriginCity>

              <ns4:OriginCountry>USA</ns4:OriginCountry>

              <ns4:OriginState>TN</ns4:OriginState>

              <ns4:PickUpDate>2020-02-24T00:00:00</ns4:PickUpDate>

              <ns4:Quantity>1</ns4:Quantity>

              <ns4:SpecInfo>x966; John Doe // $0000</ns4:SpecInfo>

              <ns4:TypeOfEquipment>F</ns4:TypeOfEquipment>

              <ns4:Weight>40000</ns4:Weight>

              <ns4:Width>0</ns4:Width>

           </ns4:Load>

           <ns4:Load>

              <ns4:DeliveryDate>2020-02-26T00:00:00</ns4:DeliveryDate>

              <ns4:DestinationCity>LAREDO</ns4:DestinationCity>

              <ns4:DestinationCountry>USA</ns4:DestinationCountry>

              <ns4:DestinationState>TX</ns4:DestinationState>

              <ns4:EquipmentOptions />

              <ns4:IsFavorite>false</ns4:IsFavorite>

              <ns4:IsLoadFull>true</ns4:IsLoadFull>

              <ns4:Length>0</ns4:Length>

              <ns4:LoadId>0</ns4:LoadId>

              <ns4:LoadNumber>123456789</ns4:LoadNumber>

              <ns4:OriginCity>COLUMBIA</ns4:OriginCity>

              <ns4:OriginCountry>USA</ns4:OriginCountry>

              <ns4:OriginState>TN</ns4:OriginState>

              <ns4:PickUpDate>2020-02-24T00:00:00</ns4:PickUpDate>

              <ns4:Quantity>1</ns4:Quantity>

              <ns4:SpecInfo>x966; John Doe // $0000</ns4:SpecInfo>

              <ns4:TypeOfEquipment>SD</ns4:TypeOfEquipment>

              <ns4:Weight>40000</ns4:Weight>

              <ns4:Width>0</ns4:Width>

           </ns4:Load>

        </ns5:Loads>

     </ns6:loads>

  </ns6:PostLoads>

</soapenv:Body>

</soapenv:Envelope>
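One way to triage a block like the one quoted above is to list which field values in a captured envelope contain shapes that generic injection signatures tend to key on. This is an added example, not part of the original post; the patterns and the names `HEURISTICS` and `flag_fields` are constructed assumptions, not Cloudflare's rule logic, and the sample is shortened from the envelope above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed heuristics (assumptions), NOT Cloudflare's managed rules:
# shapes that generic injection signatures commonly look for in free text.
HEURISTICS = {
    "quote-then-boolean": re.compile(r"['\"]\s*(?:or|and)\b", re.I),
    "sql-comment": re.compile(r"--|/\*"),
    "statement-separator": re.compile(r";"),
}

# Constructed sample, shortened from the envelope in the post.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body xmlns:ns4="http://schemas.datacontract.org/2004/07/WebServices.Objects">
    <ns4:Load>
      <ns4:DestinationCity>HOUSTON</ns4:DestinationCity>
      <ns4:LoadNumber>30761947</ns4:LoadNumber>
      <ns4:SpecInfo>x182; John Doe 6' or 8'tarp</ns4:SpecInfo>
    </ns4:Load>
    <ns4:Load>
      <ns4:DestinationCity>LAREDO</ns4:DestinationCity>
      <ns4:SpecInfo>x966; John Doe // $0000</ns4:SpecInfo>
    </ns4:Load>
  </soapenv:Body>
</soapenv:Envelope>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def flag_fields(xml_text):
    """Return (field, value, [heuristic names]) for each leaf value that matches."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    hits = []
    for el in root.iter():
        value = (el.text or "").strip()
        if len(el) or not value:  # skip container and empty elements
            continue
        reasons = [name for name, rx in HEURISTICS.items() if rx.search(value)]
        if reasons:
            hits.append((local_name(el.tag), value, reasons))
    return hits


if __name__ == "__main__":
    for field, value, reasons in flag_fields(SAMPLE):
        print(f"{field}: {value!r} -> {', '.join(reasons)}")
```

Fields flagged this way are candidates to compare against the rule ID recorded for the blocked request in the firewall event log, which is the authoritative record of what matched.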
