Security: OWASP SQL Injection rule triggered by Cloudflare
Cloudflare blocks every Webservice Query operation and triggers the OWASP SQL Injection rules.
The blocked request URI is:

URI /webservice.php?sessionName=2622f6265d3807913ffb4&operation=query&query=select+%2A+from+Potentials+where+tks_status+%3D+%27Current%27+and+modifiedtime+%3E%3D+%272019-07-18%27+limit+100%2C+200%3B

The Cloudflare rules that get triggered are (rule ID, message, rule group):

- 981176 Inbound Anomaly Score Exceeded (Total Score: 96, SQLi=71, XSS=0): Last Matched Message: uri-981243-Detects MySQL comment-/space-obfuscated injections and backtick termination (OWASP Inbound Blocking Filter)
- 950001 SQL Injection Attack (OWASP SQL Injection Attacks Filter)
- 950901 SQL Injection Attack: SQL Tautology Detected. (OWASP SQL Injection Attacks Filter)
- 959070 SQL Injection Attack (OWASP SQL Injection Attacks Filter)
- 959073 SQL Injection Attack (OWASP SQL Injection Attacks Filter)
- 960015 Request Missing an Accept Header (OWASP Protocol Anomalies Filter)
- 960024 Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters (OWASP Generic Attacks Filter)
- 981018 End XSS pattern check (OWASP XSS Attacks Filter)
- 981133 Prequalify PM (OWASP Generic Attacks Filter)
- 981243 Detects classic SQL injection probings 2/2 (OWASP SQL Injection Attacks Filter)
- 981244 Detects basic SQL authentication bypass attempts 1/3 (OWASP SQL Injection Attacks Filter)
- 981301 SQL select (OWASP SQL Injection Attacks Filter)
- 981305 SQL from (OWASP SQL Injection Attacks Filter)
- 981307 SQL where (OWASP SQL Injection Attacks Filter)
- 981311 SQL limit (OWASP SQL Injection Attacks Filter)
- 981317 SQL SELECT Statement Anomaly Detection Alert (OWASP SQL Injection Attacks Filter)
- 981318 SQL Injection Attack: Common Injection Testing Detected (OWASP SQL Injection Attacks Filter)
- 981319 SQL Injection Attack: SQL Operator Detected (OWASP SQL Injection Attacks Filter)
- 2000001 Skip LFI Rules (OWASP Slr Et Lfi Attacks Filter)
- 2000006 Skip XSS Rules (OWASP Slr Et XSS Attacks)
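To see what the WAF is actually inspecting, here is an added Python example (not code from the post or from the CRM project) that percent-decodes the `query` argument of the reported URI, as a WAF looking at request arguments would, and checks it against simplified stand-ins for the four SQL keyword rules listed above. The rule IDs are the ones Cloudflare reported; the keyword regexes are assumptions, not the real CRS signatures.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed copy of the blocked request URI from the report above
# (the sessionName value is the truncated one shown in the post).
REPORTED_URI = (
    "/webservice.php?sessionName=2622f6265d3807913ffb4&operation=query"
    "&query=select+%2A+from+Potentials+where+tks_status+%3D+%27Current%27"
    "+and+modifiedtime+%3E%3D+%272019-07-18%27+limit+100%2C+200%3B"
)

# Keyword checks standing in for the CRS rules named in the post. The ids are
# the ones Cloudflare reported; the regexes are simplifications (assumption),
# not the real CRS patterns.
KEYWORD_RULES = {
    "981301": re.compile(r"\bselect\b", re.I),  # SQL select
    "981305": re.compile(r"\bfrom\b", re.I),    # SQL from
    "981307": re.compile(r"\bwhere\b", re.I),   # SQL where
    "981311": re.compile(r"\blimit\b", re.I),   # SQL limit
}


def decoded_query_argument(uri):
    """Return the percent-decoded value of the `query` argument, i.e. the text
    a WAF inspecting request arguments sees (parse_qs decodes '+' and %XX)."""
    args = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    return args.get("query", [""])[0]


def keyword_rules_hit(uri):
    """Sorted ids of the keyword rules whose pattern occurs in the decoded query."""
    sql = decoded_query_argument(uri)
    return sorted(rid for rid, pat in KEYWORD_RULES.items() if pat.search(sql))


if __name__ == "__main__":
    print(decoded_query_argument(REPORTED_URI))
    print("keyword rules hit:", keyword_rules_hit(REPORTED_URI))
```

Once decoded, the argument is a complete SQL statement, which is why every SQL keyword rule fires on a request that is legitimate for this API.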
Although these appear to be false positives, working around them would require disabling several OWASP security rules in Cloudflare, which would open the site up to real attacks.
Cloudflare is a standard security layer nowadays, and users implementing the CRM routinely require it.
A simple solution would be to base64-encode the query string.