"bot fight mode" blocks CF requests?

I am not able to access my website because I think that request is a false positive from the “bot fight mode” module.

  "action": "managed_challenge",
  "clientASNDescription": "CLOUDFLARE Cloudflare, Inc.",
  "clientAsn": "132892",
  "clientCountryName": "US",
  "clientIP": "",
  "clientRequestHTTPHost": "[redacted]",
  "clientRequestHTTPMethodName": "GET",
  "clientRequestHTTPProtocol": "HTTP/1.1",
  "clientRequestPath": "/",
  "clientRequestQuery": "",
  "datetime": "2023-10-23T17:22:22Z",
  "rayName": "81aba96a4c49c4c3",
  "ruleId": "874a3e315c344b1281ad4f00046aab6f",
  "rulesetId": "48ba18287c544bd7bdbe842a294f1ae2",
  "source": "firewallManaged",
  "userAgent": "Go-http-client/1.1",
  "matchIndex": 0,
  "metadata": [
      "key": "ruleset_version",
      "value": "7"
      "key": "version",
      "value": "6"
      "key": "type",
      "value": "customer"
      "key": "js_detection",
      "value": "MISSING"
  "sampleInterval": 1

is there something wrong with this ?


Is this just trying to access your website from a public IP through the proxy? Or have you set some Cloudflare feature to test your site (healthcheck, logpush, etc).

If the latter, then yes, I’ve seen the same. Cloudflare services accessing your site via a proxied host seem to be treated the same as any external bot. In particular we found logpush would fallover very often until we put in a WAF rule to allow the Cloudflare ASNs (plus included a header x-ourcompany-logpush: SOME-UUID as a simple authentication that this was from a bot we initiated).

While initially seeming odd, it’s important to realise other users could be using DNS from their accounts, workers and other Cloudflare features to connect to Cloudflare proxied sites so Cloudflare allowlisting their own IPs would be a risk.

it’s because from that trace to my site, I get this

the request is blocked by “bot fight mode”,

I am accessing my site with my isp ip, no vpn.

just trying to understand the behavior here.

nevermind, the origin ssl certificate is invalid. I will begin to resolve that.