Malicious Request

What It Means

This request is potentially malicious in nature and has been blocked by the WAF.

Why It Matters

This is a general-purpose detection that catches requests which exhibit malicious characteristics but may not fit neatly into a more specific attack category. The request may combine elements of multiple attack types or use novel techniques.

Common Triggers

Requests with suspicious patterns that indicate malicious intent but do not match a single specific attack signature. This can include unusual combinations of headers, parameters, or payloads that collectively indicate an attack.

What To Do

These blocks are safe to leave in place. If you believe a legitimate request is being caught, review the specific request details in your WAF logs and use Path Allowlisting to exempt the affected endpoint if confirmed safe.