Adding firewall captcha on domain.com breaks API (api.domain.com) for succesful users

We have a site on domain.com.

Our API is on api.domain.com.

When we add a captcha for certain countries, it works, and a user gets to domain.com but api.domain.com is not working (i.e. they don’t get any data). Is there any way to configure this in Cloudflare?

Thanks for the help!

Hey!

So basically your wanting to exclude api. from the captcha’s?

You should be able to achieve this with page rules :slight_smile:

(edit, you should pick a higher level than essentially off )

Thanks @powelljl !

We’ve noticed that bots are hitting the API endpoint directly too. Your solution is good above - but we’re wondering if someone solves the challenge on domain.com, is it possible to apply that ‘sucessful entry’ to api.domain.com also?

Hey!

I don’t believe that’s natively possible sorry, you could probably design a Cloudflare worker to do something like that :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.