Possibly a WAF question: Trying to catch cf-mitigated in the client from a POST request

Hi, I have a WAF rule that should be sending back challenges on a POST request given certain conditions. I'm now trying to catch the cf-mitigated header that's being returned from it in the client and read it with JS, kind of like here: https://developers.cloudflare.com/waf/reference/cloudflare-challenges/#detecting-a-challenge-page-response

Looks like cf-mitigated is being returned within the preflight OPTIONS request, which the JS can't access as far as I know (I'm using axios if that's helpful information to have).

Is there any strategy or CF tool you'd recommend to maybe transform the response or intercept it so that it could be returned to the client in a way that it would know if a cf-mitigated header was returned?
2 Replies
Hard@Work (2mo ago)
Does your WAF rule trigger on OPTIONS too? Might want to disable that then
cron (OP, 2mo ago)
Ah good point - we could set it to trigger on POST only. Didn't think of that haha. I'll give that a try, thanks a ton

AH that was it. Thank you tons!!!
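
An added example, not code from the thread or from Cloudflare: once the rule challenges only the POST, the client can tell a readable challenge response apart from a request the browser blocked before any header reached script. The function names and the three error objects are constructed for illustration and follow the axios error shape (`error.response.headers`); it assumes the challenged POST response is readable by the page (same origin, or the header is exposed through CORS).

```javascript
// Read a header from a plain object (any key casing) or from an object with .get().
function readHeader(headers, name) {
  if (!headers) return undefined;
  if (typeof headers.get === "function") return headers.get(name) ?? undefined;
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key ? headers[key] : undefined;
}

// Returns "challenge", "no-response" or "other" for a failed request.
function classifyFailure(error) {
  const res = error && error.response;
  if (!res) {
    // No response object: the browser withheld it (for example a preflight
    // OPTIONS that did not pass CORS), so cf-mitigated cannot be read here.
    return "no-response";
  }
  const mitigated = readHeader(res.headers, "cf-mitigated");
  return String(mitigated).toLowerCase() === "challenge" ? "challenge" : "other";
}

// Constructed samples (not captured traffic).
const challengedPost = {
  response: {
    status: 403,
    headers: { "cf-mitigated": "challenge", "content-type": "text/html" },
  },
};
const blockedPreflight = { message: "Network Error", request: {} };
const appError = {
  response: { status: 422, headers: { "content-type": "application/json" } },
};

for (const [label, err] of [
  ["challenged POST", challengedPost],
  ["blocked preflight", blockedPreflight],
  ["application error", appError],
]) {
  console.log(`${label}: ${classifyFailure(err)}`);
}
```

In an axios setup the same check would sit in a response error handler, with the "challenge" branch sending the user through the challenge page before retrying.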
