Find the WAF Rule Blocking a Request
Use this page when a valid request is blocked with a 403 or 406 response and you need the WAF Rule ID before deciding whether to whitelist it.
Use Watch Mode
Run the WAF log watcher:
cpgcli waf --watch
When prompted, enter a filter that matches the incident:
- Client IP address
- Domain name
- URI or path
Reproduce the blocked request after the watcher is running. The output shows the matched rule, including the Rule ID.
If the request is safe, whitelist only that Rule ID. See Whitelist Rules.
Use App Portal Logs
- Log in to App Portal and select the server.
- Go to Security >> WAF Logs or Bot Attacks.
- Filter by time, domain, client IP, or Rule ID.
- Open the blocked event and note the Rule ID.
Confirm the Fix
After whitelisting a rule:
- Wait 1-2 minutes for the configuration to apply.
- Reproduce the same request.
- Confirm the request succeeds and the Rule ID no longer appears for that request.
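A repeatable way to run this check, as an added example that is not part of the product's tooling: the script replays one fixed curl request until it is no longer answered with 403 or 406, and reports a 413 as the body-limit case rather than a rule match. The function names and the polling schedule (9 tries, 15 seconds apart, to cover the 1-2 minute wait) are assumptions; pass the curl arguments for the affected URL yourself.

```shell
#!/bin/sh
# Added example, not vendor code. Usage: sh confirm_fix.sh <curl arguments for the affected request>

# Map an HTTP status code to the follow-up this page gives for it.
classify_status() {
    case "$1" in
        403|406) echo "waf-blocked" ;;  # still a rule match: look up the Rule ID again
        413)     echo "body-limit" ;;   # Request Body Limit Error, not a rule match
        2??|3??) echo "allowed" ;;
        *)       echo "other" ;;        # e.g. 000 when curl could not connect
    esac
}

# Send the request once and print only the status code.
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$@"
}

# Poll until the request is no longer WAF-blocked or the tries run out.
# $1 = tries, $2 = seconds between tries, rest = command that prints a status code.
# Prints the final verdict on stdout; returns 1 if the request is still blocked.
wait_until_unblocked() {
    tries=$1; delay=$2; shift 2
    i=1
    while [ "$i" -le "$tries" ]; do
        code=$("$@") || true
        verdict=$(classify_status "$code")
        echo "try $i: HTTP $code ($verdict)" >&2
        if [ "$verdict" != "waf-blocked" ]; then
            echo "$verdict"
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -le "$tries" ]; then sleep "$delay"; fi
    done
    echo "waf-blocked"
    return 1
}

# Only replay a request when curl arguments were supplied on the command line.
if [ "$#" -gt 0 ]; then
    wait_until_unblocked 9 15 fetch_status "$@"
fi
```

Keep the WAF log watcher running in a second terminal while this runs, so a remaining 403 or 406 can be matched to its Rule ID.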
Related Issues
- WAF does not enable: see Panel-Specific Steps.
- Uploads or forms fail with a 413 response: see Request Body Limit Error.
- PHP uploads are blocked: see Block PHP Uploads.
- Logs show proxy IPs instead of visitor IPs: see Proxy IP Check.
If the issue continues, contact support with the Rule ID, affected URL, expected behavior, server details, and control panel details.