WAF challenge loop
Hi,
we're seeing an issue where some of our clients who get challenged via a WAF access rule still don't get access to the protected page, but instead get a 403 error and are presented again with the same challenge they just passed. This seems to be happening with both the managed challenge and the js challenge, but only for specific users on specific browsers.
Are there any known issues in that area, and is there any way to fix this on our end?
Thanks for taking a look 🙂
3 Replies
It means they're failing the challenge, a bad browser extension or local antivirus could be causing it/messing with stuff.
https://developers.cloudflare.com/waf/reference/cloudflare-challenges/#browser-support
Worth mentioning only latest versions of major browser (excluding IE) are supported, making sure they're up to date is a good idea as well
Cloudflare Docs
Challenges · Cloudflare Web Application Firewall (WAF) docs
When a website is protected by Cloudflare, there are several occasions when it will challenge visitor traffic:
Oh, I would have expected an explicit message if the challenge is failed instead of it just repeating. Why does it do that?
Why does it repeat? I assume it's just to give the user another chance/failure could be a transient thing.
If you're asking why they are failing it, could be bad browser extension or antivirus causing it, from that linked post
Browser extensions If you have browser extensions, they might lead to unpassable challenge loops. To fix, disable your extensions and reload the page. This behavior commonly occurs because an extension modifies your browser’s default User-Agent value.