[Anomaly] Requests to the domain are accompanied by captcha verification

hi

Through our server, we make requests from our script, querying our domains that are on the CDN Cloudflare. The requests are sent using a Node.js script. When we make a request, the Cloudflare service presents a captcha. We need a solution to somehow mark our requests as valid and add them to a allowlist.

What we have done:

  1. We added to the WAF service to receive requests from a specific
    URI: tets-site.com/?check=Fs0… (Followed by a special hash).

None of these methods have helped, and the checks are still accompanied by captchas from Cloudflare.

You’ll need to see why the WAF rule isn’t doing what you want. Either it isn’t skipping the checks needed to allow the request to pass, or isn’t being reached or triggered in the first place (as other rules trigger the challenge before the rule is hit).

Take a look at your security events log to find why the challenge is being triggered and use that to help configure the WAF correctly.
https://dash.cloudflare.com/?to=/:account/:zone/security/events

You may also be able to use trace to follow the request through Cloudflare’s pipeline to see what is happening…
https://dash.cloudflare.com/?to=/:account/trace

1 Like

There are no filters on our requests, specifically we need requests from the countries Russia and Belarus. There are general rules for all websites. Requests from our JavaScript also come from Russia.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.