Website Security and Backups Help

WAF block signatures

If you or a user was blocked by the firewall, you can reference the following signatures to determine why the block occurred. If you need assistance regarding a firewall block, please open a support ticket and include the relevant block signature.

Note: An asterisk next to a block signature indicates that there are multiple values associated with the block.
  • 2FA1 - Request blocked, missing 2 factor authentication (Password)
  • 2FA2 - Request blocked, missing 2 factor authentication (Google Authenticator)
  • 2FA3 - Request blocked, missing 2 factor authentication (Captcha)
  • ANP230 - Non standard POST request
  • BAK02* - Backdoor access denied
  • BBOT65 - Brute force bot blocked
  • BLACK02 - Blocklisted IP address (due to bad reputation)
  • BLACK666- Blocklisted IPs and domains
  • BLKUNF1 - Unfiltered HTML not authorized
  • BLKUP2 - Content (or upload) not authorized
  • BNP002* - Bad bot access denied
  • CMB055 - Comments, trackbacks, and XMLRPC blocked
  • CUST01 - IP address is blocklisted
  • CUST02 - URL path is blocklisted
  • CUST03 - User agent is blocklisted
  • CUST04 - Referrer is blocklisted
  • CUST05 - Cookie is blocklisted
  • DDOS2* - DDOS attempt blocked
  • DIR081 - Directory listing not authorized
  • EVA0* - Evasion through obfuscation denied
  • EXP034 - Exploit attempt denied
  • EXP035 - Timthumb exploit attempt denied
  • EXP036 - DataBase exploit attempt denied
  • EXP037 - Exploit or backdoor access denied
  • EXPVH3 - Exploit blocked by Virtual Patching
  • EXPVP* - Exploit blocked by Virtual Patching
  • FBP006 - Fake bot access
  • FBP007 - Fake bot access (POST request without referrer)
  • GEO0* - GeoIP Block
  • INA154 - HTTP protocol anomaly - Missing user agent
  • IPB17 - IP Address not allowed
  • MET043 - HTTP method not allowed
  • NONE - Other
  • OBF080 - Obfuscated attack payload detected
  • PAR010 - POST request denied due to 'paranoid mode'
  • PBI009 - Blocklisted IP
  • PHPi20 - PHP injection blocked
  • PTA1* - HTTP protocol anomaly detected
  • RCE00* - Remote command execution blocked
  • RFI00* - An attempted Remote File Inclusion or Local File Inclusion was detected and blocked
  • RPCBOT01 - XMLRPC bot was blocked
  • SCO13* - Malicious cookie payload blocked
  • SFD004 - Access to restricted folder
  • SFD005 - Access to restricted folder
  • SPAM33 - Spam request blocked
  • SQLi0* - SQL injection was detected and blocked
  • SSI017 - SSI injection blocked
  • SUR003 - Suspicious URL
  • TMP021 - Blocked by IDS
  • UAi029 - User Agent injection blocked
  • UAT007 - Request not authorized
  • UP010 - Exceeds file upload size
  • XSS00* - An attempted XSS (Cross-site scripting) was detected and blocked

More info

Share this article