My (node.js) API is working properly in localhost but when i sending some special values in stage (server side) where Google-cloud-armor rules are defined then some values ("nc","=?") are blocked and the warning is bad request 403 , the content-type in response header is getting changed from “application/json” to “text/html”. enter image description here
your server is protected by Google-armor, where some rules are defined for sqli injection and many more, the value "nc" is blocked by the Google-armor because, it is a cross-platform command netcat, there are many more which can be blocked by the armor. you can solve this by encrypting the value and pass the encrypted value and decrypt it on the server but this may lead to some sql injection, after decrypting you need to check the string for any kind of sql injection.
