Adding the Bitbucket public IP range to a WAF custom rule does not work because the webhook is blocked by Bot Fight Mode.
What are the steps to reproduce the issue?
I have a Jenkins server and am using a Bitbucket webhook to automatically trigger the build and deploy pipeline. But now the webhook from Bitbucket gets blocked by Bot Fight Mode. I tried to add the Bitbucket public IP range to a WAF custom rule but cannot skip Bot Fight Mode. So now I have to turn off the Cloudflare proxy and use DNS only for my Jenkins as a temporary fix.
If you’re using a Free plan type, disable Bot Fight Mode due to some limitations as stated:
You might not be able to bypass it, except if you bypass the whole Amazon-02 AS by adding it with action “allow” to the Security → WAF → Tools → IP Access Rules. I don’t recommend this since you might get hit by an attack from Amazon ASNs.
Hi fritex, my point is I don’t know why CF suddenly treated the Bitbucket webhook as a bad bot. And I cannot turn off Bot Fight Mode for the whole domain because some of the subdomains are used in production and always get attacked by bots. So my workaround for now is to turn off the DNS proxy for my Jenkins. If the Bitbucket webhook is still treated as a bad bot, I might have to move Jenkins to another domain.