Bots combined with WAF rules

I have the “definitely automated” bots set to challenge. A few known good bots were being caught so I made a firewall rule to allow them. The allow rules are applying correctly, but right after every allow there is a bot challenge. It’s like CF runs the WAF rules and allows and then after runs the bot rules and challenges them. Am I missing something?

The “Allow” action is only applied to the firewall rule section itself, it will not disable any other Cloudflare security features like Super Bot Fight Mode, Security Level, WAF, etc.

Although some of them can be bypassed by using “Bypass” action (such as WAF and Security Level), but Super Bot Fight Mode is an exception.

2 Likes

Could you simplify? I’m confused

So basically bot fight mode is worthless because it can’t handle allowing any exceptions and pretty much every site is going to have at least one or two exceptions. I mean even if CF was perfect with bot labeling a miss here or there causes real issues.

Thanks for clarifying as to what the WAF rules apply to.

You can say that.

It is definitely a bit crude right now, I’m sure it will improve overtime, unfortunately we can’t use it at the moment.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.