Hi everyone,

I’m trying to figure out why Cloudflare is blocking a POST request containing a parameter with the string value “TR HIGH”. Cloudflare throws a “404 bad request error” and the blocked page does not show on the firewall blocked requests list.

This only happens with that very specific parameter value. If the parameter is changed to lower case or anything gets added between the two words, it works fine.

Is this specific string related to some sort of vulnerability?

Thanks,

May I ask you to post a screenshot of this error?

404 error cannot be shown on Firewall Events. If it would be blocked, you would see a 1020 error or some challenge.

How about the URL Normalization option?

exa1067×533 12.1 KB

I am afraid I cannot replicate it at my end.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.