Help Centre

I am receiving errors on my website when using SuperControl API

Updated on

Although not always be the case, errors can be caused by malicious code which gets blocked by SuperControls Web Application Firewall (WAF).

You will need to pass this information to your web developer to ensure the errors don't persist.

SuperControl is protected by a sophisticated Web Application Firewall (WAF).  The WAF automatically blocks any potentially dangerous requests to our systems, including SQL injection and cross-site scripting.

It is common for bad bot to scan websites looking for vulnerabilities.  Clients using the SuperControl API should sanitise any malicious input before sending requests to our servers.  If the WAF detects a volume of malicious requests your website will be blocked for at least 24 hours.  In many cases this will cause the elements of your website that use the SuperControl API to fail.

It isn't possible to whitelist IP addresses because we have to protect all of our systems.

Some common examples where malicious code has been injected causing the WAF to block:

?siteID=1234&cottageID=4567%20and%201%3d1

?propertycode=4567%20and%201%3d1&startdate=2017-11-01&enddate=2018-10-31

We recommend protecting websites using proxy services like Cloudflare Pro version or Incapsula as well as enforcing strict validation of data.


When using CloudFlare, all incoming connections initiated from the Internet to web servers should be denied, except for connections initiated from CloudFlare IPs. 

The list of CloudFlare IPs is available at https://www.cloudflare.com/ips/

Previous Article What is the SuperControl API and how do I enable it?
Next Article Why am I getting calendar connection issues via API?