Spam Request

What It Means

This request attempted to inject spam into your application, typically through comment forms, contact forms, or other user-input endpoints.

Why It Matters

Spam injection degrades your application’s user experience and can damage your site’s search engine reputation. Spammers target any endpoint that accepts user input to post advertising links, phishing URLs, or SEO spam content. Comment-based spam specifically targets blog comments, forums, and review sections.

Common Triggers

Requests to form submission endpoints containing known spam patterns — bulk advertising links, pharmaceutical keywords, gambling promotions, or SEO link-building text. Comment-based spam targets endpoints that accept and publicly display user content.

What To Do

These blocks are safe to leave in place. If legitimate form submissions are being caught, review the specific requests in your WAF logs to identify what pattern triggered the block. You can use Path Allowlisting to exempt specific endpoints, but consider adding your own application-level spam filtering if you do.