Rules are being applied to some requests
I created a WAF rule that if the request has the user agent containing something WAF should skip and let the request through (under WAF components to skip, everything is selected the ones with (previous version)
When I look at the security events for logs that contain that user agent, I see a bunch of requests with action taken as Managed Challenge because of "Bot fight mode"
Any specific reason to some of them getting blocked and others having the right action applied?
6 Replies
need to disable bfm
this isn't something you can skip with waf
so WAF can only skip "all super bot fight mode" ?
Bot Fight Mode cannot be skipped by WAF Rules or other "Bypass" actions.
Bot Fight Mode is a very aggressive solution that should only be enabled if you are actively under attack.
Remedies:
- Upgrade to a Paid plan and use Super Bot Fight Mode
- Disable Bot Fight Mode
so every time that a request was allowed in was pure luck?
