Bypass "Checking your browser" with page rules?

I need under attack mode on, but want to allow users to bypass it on certain URL’s
example ← On ← Off

Tried setting up page rules with security level set to essentially off, disabled security and browser integrity check off, but no luck…
Any idea how I can achieve this?

Under Attack is a JS Challenge.

You can turn off Under Attack mode and use a Firewall Rule instead.
Something like below. I added the Not known bot so good crawlers don’t get challenged.

Still doesn’t seem to work, it’s still checking my browser for some reason even though my URL contains those words

It’s just one word. But check the Firewall log to see why your request is being challenged.

I have 2 words/url’s I wanted to bypass “auth” and “version”:


(not http.request.uri.path contains "*auth*") or (not http.request.uri.path contains "*version*")

Firewall rules don’t use wildcards. If you use “Contains”, then you don’t need any *s.

Yep tried without too, same issue though :confused:

Ah, you should be using an AND instead of an OR.

(not http.request.uri.path contains "auth" and not http.request.uri.path contains "bypass")

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.