Bypass specific path for payment api under IUAM

My site is in “Under attack mode”, and I got an api at path “/api/v1/payments” and I would to bypass IUAM for this path.
I have created this rules:
action Byppass for expression: (http.request.uri contains " /api/v1/payments")
action Allow for expression: (http.request.uri contains " /api/v1/payments")

this is worked before but for now my requests are catched by IUAM

How to do it in right way ?

IUAM is essentially a Firewall Rule that JS Challenges everybody except verified bots.

For you, I suggest you disable IUAM and replace it with a firewall rule:
If Path is NOT payments and NOT verified/known (cf.clientbot, I believe), then JS Challenge.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.