Bot fight mode blocking my API client


I’m on a Cloudflare Pro plan and Bot Fight Mode is super useful to me; it’s set to block all known bad bots.

The problem is that I just launched an API on my website and it’s now blocking legitimate traffic from my API clients.
It displays a message like this:
"Please enable cookies.

Sorry, you have been blocked

You are unable to access domain"…etc

Is there a way to disable this security on a particular set of URIs, without having to whitelist every single IP that needs to request my API?

I tried to create a page rule that lowers the security level, disables the security, disables the WAF…
I also tried to create a WAF rule that would allow a certain User-Agent to request the API.

Both solutions didn’t work, and are pretty bad for my API’s security anyway.

Is there any other way I can do this efficiently?


The only way to override Bot Fight Mode is by using IP Access Rules to whitelist IP addresses, unfortunately.
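
An added example, not part of the original thread: one way to script the IP Access Rules mentioned in the answer above, validating each client address first so the allowlist stays as narrow as possible. The endpoint path, the `whitelist` mode and the target names follow Cloudflare's public v4 API as documented; the zone ID, token and client addresses are constructed placeholders.

```python
import ipaddress
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"
# Range sizes IP Access Rules accept, per Cloudflare's documentation.
ALLOWED_PREFIXES = {4: {16, 24}, 6: {32, 48, 64}}

def access_rule_payload(source, note):
    """Build the JSON body of one allow rule; ValueError on unusable input."""
    net = ipaddress.ip_network(source, strict=True)  # rejects host bits in a CIDR
    if net.prefixlen == net.max_prefixlen:           # a single address
        target = "ip" if net.version == 4 else "ip6"
        value = str(net.network_address)
    elif net.prefixlen in ALLOWED_PREFIXES[net.version]:
        target, value = "ip_range", str(net)
    else:
        raise ValueError(f"{source}: /{net.prefixlen} is not an accepted range size")
    return {"mode": "whitelist",
            "configuration": {"target": target, "value": value},
            "notes": note}

def build_requests(zone_id, token, sources, note="API client"):
    """Return (prepared POST requests, rejected entries); nothing is sent."""
    requests, rejected = [], []
    for source in sources:
        try:
            body = access_rule_payload(source, note)
        except ValueError as exc:
            rejected.append(f"{source}: {exc}")
            continue
        requests.append(urllib.request.Request(
            f"{API}/zones/{zone_id}/firewall/access_rules/rules",
            data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"},
            method="POST"))
    return requests, rejected

if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    clients = ["198.51.100.7", "203.0.113.0/24", "203.0.113.0/25", "198.51.100.7/24"]
    reqs, bad = build_requests("ZONE_ID_PLACEHOLDER", "TOKEN_PLACEHOLDER", clients)
    for r in reqs:
        print(r.get_method(), r.full_url, r.data.decode())
    print("rejected:", bad)
    # To apply a rule: urllib.request.urlopen(r) with a real zone ID and token.
```

Each rule exempts the whole address or range from Bot Fight Mode, so entries the script rejects are better split into single addresses than widened to the next accepted range size.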


Ouch, that’s a pretty bad side effect.
I don’t know how I’m going to solve this…

Thank you very much for the answer anyway!
