A customer recently inquired about simple GET requests for their homepage being blocked by the Cloudflare Web Application Firewall (WAF). The issue was traced back to a SQL injection attempt hidden within the User-Agent HTTP request header. This technique is commonly used by scanning tools and can be exploited to extract information from a website or gain access. To mitigate such attacks, it's crucial for web applications to sanitize input and employ security measures like Cloudflare's WAF.