When viewing the Firewall events, is there a way to drill down further and view the BODY (if one exists)?
What “body” are you expecting to see? Firewall Events are just how Cloudflare reacts to suspicious requests. There’s really no “body” other than Cloudflare’s response page (Block or Challenge).
As body, I think that Alen means the set of headers that were used in the request.
I know of some WAF that allow you to inspect the blocked requests, however I ignore if Cloudflare has that feature.
You are correct @jnperamo . The body is actually the payload (XML or JSON) that was sent. I don’t think it applies to a HTTP GET request but does to a HTTP POST request.
However, i would LOVE to see the HTTP Headers. I dont see a way to view that and was hoping to have a way to see that. I can see the User-Agent (which is a HTTP header) but would love to see the other headers too.
That is not entirely correct. What you are referring to is the request body, there is also the response body.
I sincerely hope Cloudflare wont be able to show the request body however, as that would indicate they actually persist that information, which would be somewhat of a security nightmare.
We work very hard to ensure we aren’t logging/storing the data. I believe http headers can also store sensitive information so that may be the reason we don’t expose arbitrary ones and limit to ‘safe’ ones like user agent.
Good point @sandro. What I was after is the request body and headers. The response would be just the standard block response which is of no interest to me.
This topic was automatically closed after 30 days. New replies are no longer allowed.