Way to retrieve POST body on blocked request?

Curious, anyone aware of a way to retrieve the POST body of a blocked request? I’ve got a web app with CF Business plan in front of it, managed and owasp rules enabled. There are some requests being blocked due to elevated owasp score, mostly due to ‘detected’ sql injection, but given the source network of the requests, it is 100% not a sql injection. So, we need to look into the payload of the POST request when this occurs to see what could be triggering that. It’s a small number of requests that trigger this, and there are a very large number of successful requests occurring without issue, so, it is not desirable to enable logging of all post requests on the origin side to then try to match it up. I was hoping perhaps with API there’d be a way to get the data with the ray ID or similar.

Thanks

I don’t think you will be able to get the actual POST body from the request, but only like meta data about the request, similar to as what you see on the Firewall Events page in the Dashboard.

The GraphQL API may at least be able to help you with the meta data though:

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.