RadEditor and Cloudflare Web Application Firewall

I'm guessing that the firewall inspects the contents of the POST and it finds that there is HTML in it (even though RadEditor sends it encoded). Since this is the standard way to send data to the server (being part of the POST), RadEditor would not have a configuration that can change this - ultimately, the data from the user input in it must be available as part of the POST data for the control to work.

What I can suggest you look into is the following:

• see whether some transformation of the content can help you get it past the firewall. You can create your own content filter that will transform the content accordingly, then apply the reverse transformation on the server before using it.
• see if you can use the OnClientSubmit event of the editor to fetch the content from it and send it in some form to the server (e.g., send to some sort of service)
• if the editor is not too prevalent in your app, perhaps you can keep it on a concrete form that you can use in an <iframe> or RadWindow and save it only through it, and allow such special content with code in it for that particular path, if that's a feature offered by the firewall

I hope someone who has experience with the CloudFlare software will also happen upon this thread and be able to offer some ideas from that perspective as well.