Uploading file is not working after cloudflare use

In our system, there’s a form where users are required to provide personal information such as Date of Birth (DOB), Full Name, and Father’s Name. Additionally, they need to upload an image. So all these information with image will send via jquery AJAX

Previously, our file uploading system functioned without issue. However, since implementing Cloudflare, we have encountered a 403 error when attempting to upload files. Additionally, our network team has provided the following error details.

920270: Invalid character in request (null character)
Cloudflare OWASP Core Ruleset Score (+5)
920271: Invalid character in request (non printable characters)
Cloudflare OWASP Core Ruleset Score (+5)
932130: Remote Command Execution: Unix Shell Expression Found
Cloudflare OWASP Core Ruleset Score (+5)
932200: RCE Bypass Technique
Cloudflare OWASP Core Ruleset Score (+5)
941310: US-ASCII Malformed Encoding XSS Filter - Attack Detected
Cloudflare OWASP Core Ruleset Score (+5)
941340: IE XSS Filters - Attack Detected
Cloudflare OWASP Core Ruleset Score (+5)
942200: Detects MySQL comment-/space-obfuscated injections and backtick termination
Cloudflare OWASP Core Ruleset Score (+5)
942260: Detects basic SQL authentication bypass attempts 2/3
Cloudflare OWASP Core Ruleset Score (+5)
942300: Detects MySQL comments, conditions and ch(a)r injections
Cloudflare OWASP Core Ruleset Score (+5)
942330: Detects classic SQL injection probings 1/3
Cloudflare OWASP Core Ruleset Score (+5)
942370: Detects classic SQL injection probings 2/3
Cloudflare OWASP Core Ruleset Score (+5)
942440: SQL Comment Sequence Detected
Cloudflare OWASP Core Ruleset Score (+5)

Your request appears to Cloudflare like a number of common exploits as listed. You can either change the format of the posted data so it doesn’t trigger these rules or put an exception in the WAF for the specific URL to skip the managed rules/ruleset (depending on your plan); ensure your origin is validating the input data well as you’ll have removed Cloudflare’s protection for that URL.

Essentially, I’m not inclined to disable or turn off such protection measures. What format should I adhere to instead?

Here is javascript code

var api = $.fileuploader.getInstance($('input[name="files"]'));
        var files = api.getFiles();
var form_data = new FormData();
            form_data.append("Name", $('#txtAreaName').val());
            form_data.append("IncidentDateString", $('#IncidentDateString').val());
            form_data.append("IncidentManagementOwnerId", $('#IncidentManagementOwnerId').val());
            form_data.append("IncidentSeverityId", $('#IncidentSeverityId').val());
            form_data.append("IsNotificationRequired", ($('input[name="IsNotificationRequired"]:checked').val() == undefined ? false : $('input[name="IsNotificationRequired"]:checked').val()));
            form_data.append("Report", files[0].file);

            $.ajax({
                url: url,
                type: "Post",
                data: form_data,
                contentType: false,
                processData: false,
                success: function (data) {

                },
                error: function (xhr, status, error) {
}

            });

Here is c# code

[HttpPost]
		public async Task<ActionResult> UploadReport(PrivacyIncidentManualReportRequest incidentManualReportRequest)
		{
           
				if (ModelState.IsValid)
				{

					
					var report = incidentManualReportRequest.Report;



}

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.