Allowing Mobile App requests through Firewall Rules

One of the local ISPs seems to be providing data plan user with some bad IP addresses, which are getting recaptcha response from our Cloudflare. This is ok for web applications, but our mobile applications, which are using the same API, aren’t able to pass through.
Our first try at this is to add a special header to all mobile app requests and create a firewall rule in Cloudflare to “Allow” these request. We created one, it’s at the top of the rules list, and we see that it’s set correctly, because it’s showing a large number of requests on the count next to the Firewall rule definition.
However, the apps are still getting the 403 error from Cloudflare. The response is a full HTML page, containing a string “Please complete the security check to access [website_url]”.

Any suggestions on how to approach this problem?

Can you check firewall events - is the API traffic blocked by Security Level? Bot Fight Mode? Browser Integrity Check?

If Security Level or Browser Integrity Check blocked the traffic, use “Bypass” instead of “Allow”. If Bot Fight Mode blocked the traffic, kindly just disable it.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.