Customer getting blocked by the "manage definite bots" WAF rule. Should I let them through?
I've got a scenario where a customer is complaining about not being able to access our site, but the Security Events log tells me they are flagged as "manage definite bots."
How accurate is this identification? Should I make an exception here in my WAF, or is this likely a customer that's got a bot on their IP, who is also trying to buy something from our site?
1 Reply
Not looking for a definitely yes/no answer here, but wondering how I can dig into this further.
Or to what extent I can trust this label by Cloudflare. I've had known good traffic to our API blocked in the past, but I also think it's possible that this is a person with a bot that is trying to socially engineer our customer service to get access to our site.
Hello?