JS Challenge Skips Remaining Custom Rules on Challenge Completion?
Hi all, long time Cloudflare user. Was just testing a couple of my WAF rules to make sure they are working properly and found that if I have a JS Challenge rule enabled:
(not ip.geoip.country in {"GB" "CH"}) or (not ip.geoip.asnum in {x y z})
it will skip any remaining custom rules on challenge completion. Is this intended functionality? Why would this not then move onto the next rule in the ruleset?
I feel a bit stupid for having created this rule initially without testing it, as I had assumed that adding a JS challenge would be a quick win and that it would have followed the ruleset order like any other rule. Seems like switching to a managed challenge does the exact same.
Just want to make sure I'm not going insane here, because I can't find anything online and don't feel it's severe enough to warrant trying to reach support.
2 Replies
A Challenge is a terminating action yes: https://developers.cloudflare.com/ruleset-engine/rules-language/actions/
Cloudflare Docs
Actions | Cloudflare Ruleset Engine docs
The action of a rule tells Cloudflare how to handle matches for the rule expression.
Thanks for the clarification, I'd been on this doc and had understood it as termination on failure, though rereading it this makes more sense
For now I've moved this to the bottom of the ruleset and will take a look at my options, thanks again