I have written an external program that retrieves login data from the website. When I select “Under Attack” on Cloudflare, Cloudflare blocks the login request from the program and the user gets a message that the server is not reachable.
The program is written in Python. Can I somehow approve the query in the Cloudflare panel so that it is not blocked when I have “Under Attack” on?

Does this external program make all its requests from the same IP address? If so, then you can “Allow” that IP address in Firewall → Tools.

No, the external program is installed on the users’ PCs.
That’s about 30 people (I don’t want to allow 30 IP addresses in the firewall, they change again after 24 hours).

I guess that the question is how to protect your API. There is not much you can do to protect those besides adding strict rate limit policies that adapt to your application.

You need to set the protection level of the API endpoint to low to ensure that no request receives a JS Challenge.
That being said, I’m not sure if firewall rules would override the Under Attack mode (so that your API endpoint is still in low security); I’d guess not.
Be advised that having UAM enabled constantly is, most of the time, a bad practice. It would be best to think of UAM as a last resort to mitigate an attack while you analyze the attack patterns.

Finally, you can make reaching the API endpoint slightly harder by adding your own user agent that only your app knows.
While this is trivial to bypass if the attacker has access to your application (they can dump the user agent), it adds resilience against attacks that otherwise would be null.
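The two measures suggested in the reply above (an app-specific user agent plus a strict rate limit on the login endpoint) can also be enforced at the origin. The following is an added example, not code from the thread or from Cloudflare; the class name `LoginGate`, the user-agent string and the limits are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

# Assumed values for illustration; none of them come from the thread.
APP_USER_AGENT = "ExampleLoginClient/1.0"  # constructed; shipped inside the desktop app
MAX_REQUESTS = 5         # login requests allowed per client ...
WINDOW_SECONDS = 60.0    # ... within this sliding window


class LoginGate:
    """Decide whether a request to the login API endpoint is served."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # client IP -> timestamps of served requests

    def check(self, client_ip, user_agent):
        """Return an HTTP status: 200 serve, 403 wrong User-Agent, 429 rate limited."""
        # Layer 1: cheap filter that drops generic bots before any state is kept.
        # Anyone who holds the app can read the string, so it is not a secret.
        supplied = (user_agent or "").encode()
        if not hmac.compare_digest(supplied, APP_USER_AGENT.encode()):
            return 403

        # Layer 2: sliding-window limit per client address. Behind Cloudflare the
        # origin reads the visitor address from the CF-Connecting-IP header.
        now = self._clock()
        hits = self._hits[client_ip]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()  # forget requests that have left the window
        if len(hits) >= MAX_REQUESTS:
            return 429
        hits.append(now)
        return 200


if __name__ == "__main__":
    gate = LoginGate()
    # Constructed sample requests: (client IP, User-Agent header)
    samples = [("203.0.113.7", "python-requests/2.31")]
    samples += [("203.0.113.7", APP_USER_AGENT)] * 7
    for ip, ua in samples:
        print(ip, ua, "->", gate.check(ip, ua))
```

Because the user-agent check runs first, requests that fail it never allocate rate-limit state, so the cheap filter also keeps the per-IP table small during a flood.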

