I’m on a Cloudflare PRO plan and the Bot fight mode is super useful to me, it’s set to block every known bad bots.
The problem is that I just launched an API on my website and it’s now blocking legitimate traffic from my API clients.
It displays a message like this:
" Please enable cookies.
Sorry, you have been blocked
You are unable to access domain"…etc
Is there a way to disable this security on a particular set of URIs ? Without having to whitelist every single IP that needs to request my API.
I tried to create a page rule that lowers the security level, disables the security, disables the WAF…
I also tried to create a WAF rule that would allow a certain User-Agent to request the API.
Both solution didn’t work, and are pretty bad for my API’s security anyway.
Is there any other way I can do this efficiently ?
The only way to override Bot Fight Mode is by using IP Access Rules to whitelist IP addresses unfortunately.
Ouch, that’s a pretty bad side effect.
I don’t know how I’m going to solve this…
Thank you very much for the answer anyway !
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.