Cloudflare WAF blocking custom SQL

Expected behavior

Charts that use a Custom SQL data source should not trigger basic generic security layers such as Cloudflare WAF. Sending the raw SQL as the payload seems to have this effect

Actual behavior

Cloudflare WAF and similar services (including Sqreen) will automatically block the request with a HTTP 403


We imagine Custom SQL is a popular feature and considering how widespread security tools like cloudflare are, we were wondering if there is a recommended approach to this problem

Hey @JoshBridgement :wave:

Indeed, we have a few issues with Cloudflare WAF services.
If you have on hand the list of WAF rules triggered, may I ask you to share these here or as DM?
(That is useful for us, since Custom SQL aren’t the only source of issues we encounter with Cloudflare)

Sadly, the only workaround we’ve found so far is to either disable the WAF services on specific routes or on the whole /forest namespace.

Thanks - I have sent you a list of the affected WAF services