Hi, we use Incapsula as a WAF and for DDoS protection. After upgrading from vBulletin 4 to Connect, I've been receiving a lot of reports (and have in fact experienced this issue myself) of an error being thrown by Incapsula when users are attempting to post or use various features of the site. After receiving another report from an end user, I dug into why the error was thrown and discovered this request made by the client:
URL: /ajax/api/phrase/fetch (POST)
Status: Blocked by security rules
This POST request was flagged by Incapsula as violating their security rules, specifically because it contained the word "phrases." Unfortunately, I don't know enough about the API to determine if this was a valid request or if someone was attempting to do something malicious. If anyone else has experienced this with Incapsula, or can speak to the request this client made and whether or not it was valid, I would greatly appreciate your input.
Code:
phrases%5b%5d=admin&phrases%5b%5d=admin_auth&phrases%5b%5d=all_changes_made_will_be_lost_would_you_like_to_continue&phrases%5b%5d=april&phrases%5b%5d=attach_link&phrases%5b%5d=attach_video&phrases%5b%5d=august&phrases%5b%5d=cancel&phrases%5b%5d=cancel_edit&phrases%5b%5d=close&phrases%5b%5d=compare_versions&phrases%5b%5d=conversation&phrases%5b%5d=december&phrases%5b%5d=done&phrases%5b%5d=edit_conversation&phrases%5b%5d=email_addresses_must_match&phrases%5b%5d=error&phrases%5b%5d=error_loading_ckeditor_script&phrases%5b%5d=error_loading_editor&phrases%5b%5d=error_loading_post&phrases%5b%5d=error_posting_comment_code_x&phrases%5b%5d=error_saving_vote&phrases%5b%5d=error_x&phrases%5b%5d=existing_reply_will_be_deleted&phrases%5b%5d=february&phrases%5b%5d=flag_a_post&phrases%5b%5d=follow&phrases%5b%5d=follow_error&phrases%5b%5d=following&phrases%5b%5d=following_pending&phrases%5b%5d=following_remove&phrases%5b%5d=friday_min&phrases%5b%5d=go_to_first_new_post&phrases%5b%5d=hour&phrases%5b%5d=inlinemod_auth_login_failed&phrases%5b%5d=inlinemod_auth_login_first&phrases%5b%5d=inlinemod_auth_password_empty&phrases%5b%5d=invalid_data&phrases%5b%5d=invalid_data_requested&phrases%5b%5d=invalid_email_address&phrases%5b%5d=invalid_request&phrases%5b%5d=invalid_server_response_please_try_again&phrases%5b%5d=invalid_special_channel_subscribe_request&phrases%5b%5d=invalid_user_permissions&phrases%5b%5d=invalid_username_specified&phrases%5b%5d=invalid_username_specified_maxlength_x&phrases%5b%5d=invalid_username_specified_minlength_x&phrases%5b%5d=invalid_query_definition_x&phrases%5b%5d=january&phrases%5b%5d=join&phrases%5b%5d=joined&phrases%5b%5d=join_error&phrases%5b%5d=july&phrases%5b%5d=june&phrases%5b%5d=leave&phrases%5b%5d=loading&phrases%5b%5d=logged_out_while_editing_post&phrases%5b%5d=login&phrases%5b%5d=login_success_admin_auth&phrases%5b%5d=march&phrases%5b%5d=may&phrases%5b%5d=minute&phrases%5b%5d=moderator&phrases%5b%5d=monday_min&phrases%5b%5d=new_posts&phrases%5b%5d=no
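One way to triage a blocked request like the one quoted above, as an added example that is not part of the original post or of vBulletin's code: decode the form body and confirm it carries only `phrases[]` entries whose values are plain lowercase identifiers. The identifier pattern is an assumption drawn from the values visible in the post, and `triage_phrase_body` is a hypothetical helper name.

```python
import re
from urllib.parse import parse_qsl

# Assumption: phrase keys are short lowercase identifiers (letters, digits,
# underscores), which is the shape of every value visible in the post.
SAFE_PHRASE = re.compile(r"[a-z0-9_]{1,128}")

# Constructed sample: a few pairs in the same format as the body in the post.
SAMPLE_BODY = (
    "phrases%5b%5d=admin&phrases%5b%5d=admin_auth"
    "&phrases%5b%5d=april&phrases%5b%5d=error_x"
)


def triage_phrase_body(body, expected_param="phrases[]"):
    """Decode an application/x-www-form-urlencoded body and list anything
    that does not look like a plain phrase lookup."""
    findings = []
    # parse_qsl percent-decodes names and values, so %5b%5d becomes "[]".
    pairs = parse_qsl(body, keep_blank_values=True)
    if not pairs:
        findings.append(("empty_body", "", ""))
    for name, value in pairs:
        if name != expected_param:
            # A parameter other than the repeated phrases[] array.
            findings.append(("unexpected_param", name, value))
        elif not SAFE_PHRASE.fullmatch(value):
            # A phrases[] value that is not a simple identifier.
            findings.append(("unexpected_value", name, value))
    return {
        "total": len(pairs),
        "findings": findings,
        "benign_shape": not findings,
    }


if __name__ == "__main__":
    report = triage_phrase_body(SAMPLE_BODY)
    print(report["total"], "pairs, benign shape:", report["benign_shape"])
    for kind, name, value in report["findings"]:
        print(kind, repr(name), repr(value))
```

A body that passes this check is only structurally unremarkable; whether the WAF rule should be relaxed for this URL is still a policy decision.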