When our customers activate their license, it sometimes get blocked by Cloudflare. When looking in the response on the API request, we’ve found that Cloudflare responds with a reCaptcha challenge. As the response is handled by code, not a user, this obviously fails.

I’ve tried adding a firewall rule that accepts all post requests, just to check if that helps. Which it doesn’t. Allowing URL’s or IP’s is also not possible, as these are lots of different customers. How can we disable this feature for such requests?

Find the rule being triggered in the firewall logs and disable it perhaps?

I see this as “Managed challenge” in the logs, with Rule ID ‘badscore’. But I don’t see any option to disable a “Managed challenge”, or specific Rule ID’s. Is this actually possible?

That challenge may then be based on the repurtation of the visitor’s IP address, in which case you can change the security level: https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level

Ah, thanks. I’ll try if that helps.

This seems to have resolved the issue for most customers. Several of these customers are probably located on a shared hosting environment, the ip number of which was listed in https://www.projecthoneypot.org. Thanks for the pointer!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.