Loading
Salesforce から送信されるメールは、承認済ドメインからのみとなります続きを読む

Data 360: 403 Forbidden Errors when Ingesting Special Characters via Ingestion API

公開日: Apr 28, 2026
説明

Salesforce Data 360 enforces security through WAF rules that inspect incoming payloads.
Certain patterns using backticks (`) resemble SQL injection or malicious input, causing the request to be blocked with a 403 response.

Scenarios That Trigger 403 Errors

Rule 1: Backtick Value with Path/Flag/SQL Keyword + Logical Operator

A backtick-enclosed value that:

  • Starts with / or -, or
  • Contains SQL keywords like LIMIT or HAVING,
  • Followed by a logical operator (AND / OR)

Examples:

  • `/foo` and
  • `--foo` and
  • `limit` and
  • `having` or

Rule 2: Multiple SQL DML Keywords in Backticks

Payload contains two or more SQL DML keywords wrapped in backticks.
Keywords include: SELECT, INSERT, UPDATE, CREATE
Examples:

  • `select` `select`
  • `update` foo `insert`

Rule 3: Backtick-Wrapped AND and OR Together

Payload includes both AND and OR (case-insensitive), especially within backticks.
Examples:

  • `AND` OR
  • `and` `or`
  • `AND` blah OR

Rule 4: Backtick Value Starting with HTML-Encoded <

Backtick-enclosed value begins with &lt; (HTML-encoded <).
Examples:

  • `&lt;`
  • &lt;foo&gt;
解決策

HTTP 403 errors during ingestion is caused by WAF rules detecting potentially unsafe patterns involving backticks. This is an expected behaviour.
If backticks are required for business logic, consider restructuring the payload to avoid triggering WAF rules.

ナレッジ記事番号

005321432

 
読み込み中
Salesforce Help | Article