Browser Integrity Check debug

Hi
I have some of our users who are coming via Zscaler proxies. For some of them the BIC is triggering, for some not.
Is there a way to understand and have more details on why the BIC is triggering?
Is the issue on the client side, or a Zscaler issue or a site issue …

(Of course, I can bypass the Cloudflare firewall based on the AS, but this is just putting the problem under the rug.)

tx

Hi there,

The Browser Integrity Check looks at the User-Agent of the request and, based on a predefined list that we maintain of User-Agents that we consider malicious, we block the requests. We are limited in what we can share, because that information can be used to avoid the feature. However, if you have example User-Agents that are being blocked, we can review and see if it is something we can consider improving.

Hi
Thanks for the feedback.
I tracked down my issue to a REST kind of API behind one of the paths of the applications concerned. Digging into this case, I found a couple of other BIC-related blocks associated with API calls.

Hence, does it imply that I would need to identify “all” REST API endpoints and whitelist them in some way?

tx

A couple of options:

  • You could create a Firewall Rule with ‘Bypass’ action for the specific User-Agents that you are having difficulty with, so that they bypass the WAF - https://developers.cloudflare.com/firewall/cf-firewall-rules/actions

  • If you have some clients with dedicated IPs that query these API endpoints, you could create bypass rules for their IPs.

  • You can disable the BIC for your API endpoints using Page Rules.

1 Like
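An added example, not part of the original thread and not Cloudflare's own code: it groups BIC-triggered firewall events by API path prefix, collects the User-Agents seen there (the samples support asked for), and builds one Page Rule body per prefix that switches the check off only for API paths. The event records are constructed, their field names are assumptions for this sketch, and `app.example.com` is a placeholder host; the `browser_check` action id is the Page Rules API setting for BIC.

```python
import json
from collections import defaultdict

# Constructed sample events (not real traffic); field names are assumptions.
EVENTS = [
    {"source": "bic", "clientRequestPath": "/api/v1/orders/17", "userAgent": "internal-sync/2.1"},
    {"source": "bic", "clientRequestPath": "/api/v1/orders/18", "userAgent": "Java/1.8.0_201"},
    {"source": "bic", "clientRequestPath": "/api/v2/status", "userAgent": "internal-sync/2.1"},
    {"source": "waf", "clientRequestPath": "/login", "userAgent": "Mozilla/5.0"},
    {"source": "bic", "clientRequestPath": "/index.html", "userAgent": "Java/1.8.0_201"},
]

def bic_agents_by_prefix(events, depth=2):
    """Map each path prefix (first `depth` segments) to the UAs BIC acted on."""
    seen = defaultdict(set)
    for ev in events:
        if ev.get("source") != "bic":
            continue  # ignore WAF, rate limiting and other products
        segs = [s for s in ev["clientRequestPath"].split("/") if s]
        seen["/" + "/".join(segs[:depth])].add(ev["userAgent"])
    return {prefix: sorted(uas) for prefix, uas in seen.items()}

def page_rule_body(host, prefix):
    """Request body for POST /zones/<zone_id>/pagerules disabling BIC on one prefix."""
    return {
        "targets": [{"target": "url",
                     "constraint": {"operator": "matches",
                                    "value": f"{host}{prefix}/*"}}],
        "actions": [{"id": "browser_check", "value": "off"}],
        "status": "active",
    }

def plan(events, host, api_root="/api/"):
    """Exempt only prefixes under api_root; BIC stays on for everything else."""
    hits = bic_agents_by_prefix(events)
    return [page_rule_body(host, p) for p in sorted(hits)
            if (p + "/").startswith(api_root)]

if __name__ == "__main__":
    print(json.dumps(bic_agents_by_prefix(EVENTS), indent=2))
    print(json.dumps(plan(EVENTS, "app.example.com"), indent=2))
```

The non-API hit (`/index.html` here) is deliberately left without an exemption, so it shows up as a User-Agent to report rather than a path to bypass.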
