Some API Requests result in OWASP Block (981176) Error

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?

Please share your search results url:

When you tested your domain, what were the results?
The test query returns a 403, asking the client to enable Javascript and cookies so it can perform an authorization.

Describe the issue you are having:
Cloudflare is initiating a client challenge.

What error message or number are you receiving?
The log files show that the request initiated a “Managed Challenge” due to rule ID "OWASP Block (981176).

Detailed logs:
960335 · Too many arguments in request ~ OWASP Request Limits
960024 · Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters ~ OWASP Generic Attacks
981231 · SQL Comment Sequence Detected ~ OWASP SQL Injection Attacks
950001 · SQL Injection Attack ~ OWASP SQL Injection Attacks
959073 · SQL Injection Attack ~ OWASP SQL Injection Attacks
981257 · Detects MySQL comment-/space-obfuscated injections and backtick termination ~ OWASP SQL Injection Attacks
981245 · Detects basic SQL authentication bypass attempts 2/3 ~ OWASP SQL Injection Attacks
981249E · Detects chained SQL injection attempts 2/2 ~ OWASP SQL Injection Attacks
981243 · Detects classic SQL injection probings 2/2 ~ OWASP SQL Injection Attacks

What steps have you taken to resolve the issue?

  1. Reviewing the test request for SQL code, common injection characters (like semi-colons), and backticks - there were none

Was the site working with SSL prior to adding it to Cloudflare?
Yes. The system has been working on Cloudflare for the last several years. This is a new issue that just recently started.

What are the steps to reproduce the error:

This is a private web application and requires credentials in order to submit the request.
If a POST request is made to the API endpoint using the payload below, it will fail.

Using Pastebin since the payload is too large to fit in this post.

Have you tried from another browser and/or incognito mode?
Yes. The issue is affecting all users on all browsers. Tested using Chrome, Firefox, Postman, and Curl.

Please attach a screenshot of the error:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.