I am getting blocked by Cloudflare DDoS protection

[eprosenx]

All of a sudden today I can't reply to comment threads. Every 10 seconds or so during writing a comment (every time it auto-saves I presume) I get a huge dialog that covers the page with a CloudFlare error.

I am guessing that the frequency of the auto-save is causing CloudFlare to blacklist my IP / device / account or whatever.

Is anyone else seeing this?

I have some comments I want to post but I currently can't...

Can whoever admin's the site login to the CloudFlare console and tell them to knock it off? Probably some settings need tweaked..

 

[eprosenx]

But I was able to create this new thread... Interesting. Here is to trying to submit a comment on the thread. If you see this, it means it worked...

 

[HankLloydRight]

Did the comment you were trying to post include any code (HTML, javascript, etc)?

 

[eprosenx]

No html or JavaScript.

But I did figure it out!

I was quoting NEC code sections and the section number and subsections in parenthesis were the issue. I am on my phone now so I don’t have the exact text that was the issue, but I will follow up when I get home.

It did not like my content for some reason...

 

[eprosenx]

Ok, back at home now. I just tried posting the offending string in and it won't let me submit this post with it either!

Here is the error it gives, and down at the bottom is a screen shot of the offending text. Can someone else try putting that text in EXACTLY as I did with the same punctuation and spacing and see what you get? I bet you too will get blocked!

Super odd...

 

[HankLloydRight]

Let's see! 310.15(B)(16).

Nope, that works.

Is it the word 'table'?

(in the 2017 version of the code) is table 310.15(B)(16).

that seems to work as well. Was there an embedded URL Link in what you were trying to post?


Cloudflare is really a great tool for being a reverse proxy (as a front-end defense against IP/port scan attacks and hiding your server IP addresses), static content caching (CDN), and web application firewall blocking. I use it for many of my websites.

But it took me three months to convince them the following URLs should be included in the WAF SQL injection block rules (hundreds of these requests were actually getting through to my servers every day!):

They finally relented and add custom rules for these.

So if 310.15(B)(16) is causing a problem, that's surprising to me!

 

[HankLloydRight]

Ok, I think I see it now. When I go back and try to edit that post, I get a cloudflare block message. Let's try again:

Let's see! 310.15(B)(16).

Nope, that works.

Is it the word 'table'?

editing again. I have no idea what's triggering the block.


(in the 2017 version of the code) is table 310.15(B)(16).

now I'm editing this message

 

[eprosenx]

Ok, I think I see it now. When I go back and try to edit that post, I get a cloudflare block message. Let's try again:

editing again. I have no idea what's triggering the block.

now I'm editing this message

Yup, you are on the right track here... I was trying all sorts of combo's and I could not figure it out either. It was not clear exactly what was getting matched on, but it was annoying!!!

P.S. I just replied to your last message and it immediately gave me the block... lol, I had to edit the quote tags to get this to submit successfully. Someone needs to escalate to CloudFlare.