CF-CONNECTING-IP Header being excluded from "bot fight mode" triggers
I have a website that recieves very large amounts of traffic, and recently I've had a very few amount of users report issues with authentication. After debugging, I realized that Cloudflare's IP header was not being passed for those people.
Looking at their requests in Security Events, they seem to lack a user agent and are listed under the "Managed challenge" action for the "Bot fight mode" service.
To test my theory, i turned off bot fight mode and those users were able to use the app fine.
My question is, how can I keep bot fight mode enabled while still allowing people who manage the challenge to keep their
cf-connecting-ip header.1 Reply
If youre using the regular bot fight mode on the Free plan, you can't bypass it using rules, it's all or nothing. You can only do that with Super Bot Fight Mode on a paid plan