Bot Fight mode is allowing blocked country

I’ve blocked one country in WAF rules but Bot Fight Mode is JS Challenging and then allowing connections from this country. Connections that are not JS Challenged are blocked as they should.
I thought that WAF rules have higher priority than Bot Fight Mode. Am I wrong?

From latest blog post, there are some changes in the “Security”:

On the right sidebar, I can see the “Bots” is before before the “WAF”, meaning Bot Fight Mode executes before Web Application Firewall:

Nevertheless, from the Docs:

Hi, I don’t have that right sidebar on that page. How can I enable it?

I action I set is BLOCK. But it was logged instead.

Might be due to your screen width (window size) / resolution? :thinking:

1 Like

I don’t think so.
You guys all have that right sidebar? Is that a new feature? I really don’t have it.

It was released about 6 months ago and should be enabled for everyone.

1 Like

Just zoom out your browser window and you should be able to see it.

By the way was the main action taken to the request “Block”? Not “Additional Logs” but the one above it.

1 Like

Thanks. Yes, you’re right.

Yes, but why “Log” nine times before “Block”? Shouldn’t it be blocked right away?

Read this:

1 Like

I never saw this sidebar! I had to zoom out to 70%… oh Cloudflare…

OK, but I’m still confused by this diagram. Orange square “Firewall Rules” refers to “Firewall rules” tab under WAF (that was moved recently)? If yes, then Bots have lower priority, right?

That’s a bit strange to me, that Bot Fighting Mode is letting traffic in without evaluating Firewall Rules. If traffic wouldn’t be JS Challenged by Bots, it would be blocked by Firewall Rules.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.