Obfuscated Attack Payload

What It Means

This request contains data that has been deliberately altered to bypass security filters while still delivering a malicious payload.

Why It Matters

Attackers encode or transform their attack payloads so they look harmless to basic security checks but are decoded back into malicious form by the target application. The WAF detects these obfuscation patterns and blocks the request before the payload can be processed.

Common Triggers

Requests with base64-encoded attack strings, hexadecimal-encoded payloads, character substitution patterns, or multiple layers of encoding applied to request parameters.

What To Do

These blocks indicate active evasion attempts and are always malicious. They are safe to leave in place. No action is typically required.