I have a simple form where people raise IT helpdesk requests (oh, the irony...) and this creates a case in CiviCRM. It's an unsophisticated but cheap helpdesk system for the few requests we get.

A user reported today that they were blocked by CloudFlare. On investigation it was because they tried to upload a screenshot of their issue. We have a simple 'upload a file' field and have had no issues in the past. CKEditor and IMCE are not used - just native Drupal.

The rule triggered in CloudFlare is XSS/HTML injection - b910aec795a44492b783da68301de41f from the Managed Ruleset.

I checked myself and on trying to upload a PNG file I get a window pop up with:

[image]

This is what I see CloudFlare side:

[image]

Checking our submissions, I can see that screenshots were uploaded early September this year, so either this is a Drupal change or a CloudFlare rule tightening.

Any ideas? I could just disable the rule, but that is not a good practice without understanding the issue. We are using Drupal 7.98 with CiviCRM 5.66. We are upgrading to Drupal 10 and I have checked - it also gets triggered on our 9.5x and 10.1.x test systems.

edited tags; edited title
mona lisa

Why is CloudFlare blocking file uploads?

ChumKui

CloudFlair is blocking file uploads

I have a simple form where people raise IT helpdesk requests (oh, the irony...) and this creates a case in CiviCRM. It's an unsophisticated but cheap helpdesk system for the few requests we get.

A user reported today that they were blocked by CloudFlare. On investigation it was because they tried to upload a screenshot of their issue. We have a simple 'upload a file' field and have had no issues in the past. CKEditor and IMCE are not used - just native Drupal.

The rule triggered in CloudFlare is XSS/HTML injection - b910aec795a44492b783da68301de41f from the Managed Ruleset.

I checked myself and on trying to upload a PNG file I get a window pop up with:

[image]

This is what I see CloudFlare side:

[image]

Checking our submissions, I can see that screenshots were uploaded early September this year, so either this is a Drupal change or a CloudFlare rule tightening.

Any ideas? I could just disable the rule, but that is good practice without understanding the issue. We are using Drupal 7.98 with CiviCRM 5.66. We are upgrading to Drupal 10 and I have checked - it also gets triggered on our 9.5x and 10.1.x test systems.