it was a cf managed waf rule for a vulnerability that doesn't apply to us. we've disabled it.

This comment deserves to be much higher, assuming this user speaks for Substack (no previous submissions or comments, but the comment implies it).

	▲	nicoledevillers 8 months ago \| parent [-]
		i don't speak for substack, but i do work there and changed the WAF rule :)

Why not review rules before applying them?