Busted POST Requests
Super stuck on this one. We’re an email marketing company and have a basic forms product that we use Cloudflare’s WAF to protect.
Every now and again someone will complain that it’s not working after they’ve hit the Managed Challenge. They’re often redirected after they pass it but with an invalid body so our app rejects it.
It’s super hard for me to replicate or track these down.
On the forums it seems others have faced this too. Anyone know why after completing a Managed Challenge the request could be altered or changed?
3 Replies
Because Cloudflare needs to POST the result of the challenge, and it can't POST two things at the same time so yours is lost. I would suggest either tweaking the WAF settings so the challenge doesn't happen on that path, or implementing Cloudflare Turnstile on the form to protect it that way instead.
@Erisa maybe but for 99% of requests it’s fine.
Worth also noting that enforcing this is easier than asking our customers to add Turnstile to everything.
Oh yeah for sure
Do you mean 99% of the requests don't get the challenge, or 99% of the requests don't lose post data after completing the challenge?
You can see in Security Events why the challenge is happening
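The Turnstile option suggested in the first reply moves the check into the form handler, so the original POST body is never replaced by a challenge round trip. The sketch below is an added example, not code from the thread or from Cloudflare: it validates the `cf-turnstile-response` form field against Cloudflare's siteverify endpoint and fails closed. The secret, hostname and sample responses are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: server-side Turnstile check before a form POST is accepted.
const SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify";

// Constructed sample siteverify responses; the hostname is a placeholder.
const SAMPLE_OK = { success: true, hostname: "forms.example.com", "error-codes": [] };
const SAMPLE_REPLAYED = { success: false, "error-codes": ["timeout-or-duplicate"] };

// Build the form-encoded siteverify body. Returns null when the browser sent
// no token, so the caller can reject without a network round trip.
function buildSiteverifyBody(secret, form, remoteIp) {
  const token = form["cf-turnstile-response"]; // field the widget adds to the form
  if (typeof token !== "string" || token.length === 0) return null;
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set("remoteip", remoteIp);
  return body.toString();
}

// Turn the siteverify JSON into an accept/reject decision; anything unexpected rejects.
function evaluateSiteverify(result, expectedHostname) {
  if (!result || result.success !== true) {
    const codes = (result && result["error-codes"]) || [];
    return { ok: false, reason: codes.length ? codes.join(",") : "no-response" };
  }
  // A token solved on another site must not be accepted for this form.
  if (expectedHostname && result.hostname !== expectedHostname) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  return { ok: true, reason: "verified" };
}

// opts.fetchImpl lets callers inject a stub; by default the global fetch is used.
async function verifyTurnstile(secret, form, opts = {}) {
  const { remoteIp, expectedHostname, fetchImpl = fetch } = opts;
  const body = buildSiteverifyBody(secret, form, remoteIp);
  if (body === null) return { ok: false, reason: "missing-token" };
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body,
    });
    return evaluateSiteverify(await res.json(), expectedHostname);
  } catch (err) {
    return { ok: false, reason: "siteverify-unreachable" }; // fail closed
  }
}
```

Logging the `reason` alongside the request lets rejected submissions be compared with what Security Events shows for the same path.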