WAF Rule not working
I have a website that also has an API that is used by a mobile app and a Windows app with post/get requests. the website part is protected using Cloudflare proxies and standard js/interaction messages. Because the API is receiving get/post requests from Windows/android, there is no js or human interaction accepted so I added a WAF rule with this configuration.
When an API request is received, the response is
Just a moment...
Enable JavaScript and cookies to continue
How can I fix this?
13 Replies
Check under Security -> Events and find a request being challenged, it'll tell you why it is. It could be Bot Fight mode if you have that one, which can't be skipped via Custom Rules
this is what i see in events
Sounds like you have an IP Access Rule under Security -> WAF -> Tools set to challenge
thanks
it worked
do i have to do it for every user/ip?
Cloudflare recommends you use WAF Custom Rules rather then IP Access rules these days. If you are geoblocking/blocking an entire ASN/county, you can do that easily in a custom rule.
If you're doing it by IP, you can create an IP List (https://developers.cloudflare.com/waf/tools/lists/custom-lists/#ip-lists) and use that in a rule.
i also found this set
is this wise to do?
or should i delete it
Blocking some specific version of iOS Chrome?
i made it years ago thinking i was a geneious
not sure why you would do that, maybe to stop some weird attack or something?
Your Custom Rule would skip that, but yea should be fine to delete if you don't know what it is lol
thank you
you have been very helpful
of course. Yea Custom Rules are really nice, but as you've found out they cannot skip everything, just most features