Updated on 2024-07-22 GMT+08:00

Why Does WAF Block Normal Requests as Invalid Requests?

Symptom

After a website is connected to WAF, a normal access request is blocked by WAF. On the Events page, the corresponding Event Type reads Invalid request, and the Handle False Alarm button is grayed out, as shown in Figure 1.

Figure 1 Normal requests blocked by WAF as invalid requests

Possible Cause

If any of the following cases, WAF blocks the access request as an invalid request:
  • When form-data is used for POST or PUT requests, the number of parameters in a form exceeds 8,192.
  • The URL contains more than 2,048 parameters.
  • The number of headers exceeds 512.

Solution

If you confirm that the blocked request is a normal request, allow it by configuring a precise protection rule.