Help CentreIntegrations SuperControl APII am receiving errors on my website when using SuperControl API

I am receiving errors on my website when using SuperControl API

Although not always be the case, errors can be caused by malicious code which gets blocked by SuperControls Web Application Firewall (WAF).

You will need to pass this information to your web developer to ensure the errors don't persist.

SuperControl is protected by a sophisticated Web Application Firewall (WAF).  The WAF automatically blocks any potentially dangerous requests to our systems, including SQL injection and cross-site scripting.

It is common for bad bot to scan websites looking for vulnerabilities.  Clients using the SuperControl API should sanitise any malicious input before sending requests to our servers.  If the WAF detects a volume of malicious requests your website will be blocked for at least 24 hours.  In many cases this will cause the elements of your website that use the SuperControl API to fail.

It isn't possible to whitelist IP addresses because we have to protect all of our systems.

Some common examples where malicious code has been injected causing the WAF to block:



We recommend protecting websites using proxy services like Cloudflare Pro version or Incapsula as well as enforcing strict validation of data.

When using CloudFlare, all incoming connections initiated from the Internet to web servers should be denied, except for connections initiated from CloudFlare IPs. 

The list of CloudFlare IPs is available at


How can we make this page better for you?

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.