What is the name of the domain?
What is the error number?
403
What is the issue you’re encountering
I have a functionality on my website which allows users to upload files. I’d like to enable OWASP rules with “medium” anomaly score threshold and paranoia level “PL2” on my website. Lowering these settings also causes the issue. When the OWASP ruleset is enabled, uploads to my server are blocked by Cloudflare (a 403 is returned). On the Cloudflare security events, I can see that the request is blocked due to failing the “Inbound Anomaly Score Exceeded” rule. This rule is part of the rules to be skipped. I have gotten it to a state where the OWASP ruleset is skipped on the GET request (when loading the page with the dropbox for the file), but the POST request is blocked (the file is drag and dropped on the dropbox). So I believe that my rule is setup properly. Has anyone even encountered an issue like this?
What are the steps to reproduce the issue?
You need a seller account to be able to upload files and reproduce the error unfortunately. But I am wondering if I need to setup something in particular to skip the OWASP ruleset on POST requests?
