Bot fight mode vs WAF block


I have the WAF setup with a deny if the traffic does not originate from the US. This has been working well but I noticed the other day there are logs showing traffic from other countries that are show managed challenge vs block. Given I’m on a free plan I have limited control over bot fight, but to me if the WAF is set to block, why is bot fight taking the traffic?

Side note, how can I tell from the logs if challenge was completed thus allowing the traffic?

Not possible, I agree it would be a nice addon. Maybe some day it will be available by default on the dash.

bots runs before the WAF, this is what allows enterprise customers to make firewall rules based on “feedback” from the bot protection.
Even if a bot solved the challenge, if you have a firewall rule blocking them, they would see a block page instead of your website.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.