I am seeing a persistent 403 Forbidden on my specific Mac (Chrome/Safari) when hitting my API (POST /api/images), causing my frontend to crash with invalid JSON errors.
The Firewall Log: When I check the Vercel Firewall, I see a high volume of “Denied” requests appearing under a filter/rule named react_ruleset (see attached screenshot).
The Discrepancy (Browser vs. Terminal)
The strange part is that cURL works fine from the exact same machine:
Browser (Mac): Returns 403 Forbidden (Blocked by Firewall).
Whitelisted my public IPv4 in “System Bypass Rules”.
Disabled iCloud Private Relay & limit IP tracking.
Cleared Cache / Used Incognito.
Confirmed iPhone on same Wi-Fi works fine.
Question: What exactly is react_ruleset? Why is it hard-blocking my browser’s specific TLS fingerprint/User Agent while allowing cURL requests from the same IP? And how to allow my device which is my own IP not network attacking. Thank you for any directions
This also happens to me when I am upload larger file, around more that 5MB. Really annoying error, also I cannot really find what rules this ruleset contains. Does anyone know this information?
@lihaoz-barry Just checking in on your issue with the 403 Forbidden error related to the react_ruleset. Have you found a solution, or do you still need assistance troubleshooting the problem? Let me know if that helps!
@jacobparis I am running into this issue too. It seems like the react rule set is denying my pdf because there are characters that look like SQL injection attack.
If you’ve updated to the latest version of React you can disable the rules for your PDF upload endpoint, the baseline protection is just to provide an extra layer of defence to apps that were on React versions that were vulnerable to the react2shell CVE
