WAF block signatures
If you or a user was blocked by the firewall, you can reference the following signatures to determine why the block occurred. If you need assistance regarding a firewall block, please open a support ticket and include the relevant block signature.
Note: An asterisk next to a block signature indicates that there are multiple values associated with the block.
- 2FA1 - Request blocked, missing 2 factor authentication (Password)
- 2FA2 - Request blocked, missing 2 factor authentication (Google Authenticator)
- 2FA3 - Request blocked, missing 2 factor authentication (Captcha)
- ANP230 - Non standard POST request
- BAK02* - Backdoor access denied
- BBOT65 - Brute force bot blocked
- BLACK02 - Blocklisted IP address (due to bad reputation)
- BLACK666- Blocklisted IPs and domains
- BLKUNF1 - Unfiltered HTML not authorized
- BLKUP2 - Content (or upload) not authorized
- BNP002* - Bad bot access denied
- CMB055 - Comments, trackbacks, and XMLRPC blocked
- CUST01 - IP address is blocklisted
- CUST02 - URL path is blocklisted
- CUST03 - User agent is blocklisted
- CUST04 - Referrer is blocklisted
- CUST05 - Cookie is blocklisted
- DDOS2* - DDOS attempt blocked
- DIR081 - Directory listing not authorized
- EVA0* - Evasion through obfuscation denied
- EXP034 - Exploit attempt denied
- EXP035 - Timthumb exploit attempt denied
- EXP036 - DataBase exploit attempt denied
- EXP037 - Exploit or backdoor access denied
- EXPVH3 - Exploit blocked by Virtual Patching
- EXPVP* - Exploit blocked by Virtual Patching
- FBP006 - Fake bot access
- FBP007 - Fake bot access (POST request without referrer)
- GEO0* - GeoIP Block
- INA154 - HTTP protocol anomaly - Missing user agent
- IPB17 - IP Address not allowed
- MET043 - HTTP method not allowed
- NONE - Other
- OBF080 - Obfuscated attack payload detected
- PAR010 - POST request denied due to 'paranoid mode'
- PBI009 - Blocklisted IP
- PHPi20 - PHP injection blocked
- PTA1* - HTTP protocol anomaly detected
- RCE00* - Remote command execution blocked
- RFI00* - An attempted Remote File Inclusion or Local File Inclusion was detected and blocked
- RPCBOT01 - XMLRPC bot was blocked
- SCO13* - Malicious cookie payload blocked
- SFD004 - Access to restricted folder
- SFD005 - Access to restricted folder
- SPAM33 - Spam request blocked
- SQLi0* - SQL injection was detected and blocked
- SSI017 - SSI injection blocked
- SUR003 - Suspicious URL
- TMP021 - Blocked by IDS
- UAi029 - User Agent injection blocked
- UAT007 - Request not authorized
- UP010 - Exceeds file upload size
- XSS00* - An attempted XSS (Cross-site scripting) was detected and blocked