Summary: Clients experienced authorization errors (403s) when attempting to push data through FloQast's external API integration pipeline.
Root Cause: As part of ongoing security infrastructure improvements, FloQast migrated services to a more robust web application firewall (WAF) configuration. In pre-production environments, a supplemental ruleset had been in place that, by design, took precedence over certain standard security rules — effectively masking how those rules would behave in production. When the migration to the stricter production security configuration occurred, legitimate integration traffic was inadvertently caught and blocked.
Immediate Resolution: Engineering teams performed a full rollback of the affected deployments, restoring integration functionality for impacted customers. Once stable, the team began a careful analysis of the specific security rules to confirm that the appropriate level of restrictions was being adhered to.
Follow-up Actions: The team is taking a deliberate approach to reintroducing the production security ruleset in monitoring mode before enforcing blocks, allowing for validation against known traffic patterns.