Bypassing security level checks

I’m aware that Security Level = Completely Off is only option for enterprise, but is there a way I can just get that feature enabled or emulate this somehow through other Cloudflare features?

I have some legitimate visitors being blocked this way. While my investigation did turn up some residential proxies being hosted at the requesting IP addresses, the requests made to my website using those IPs is legitimate as confirmed by user reports as well as comparing the HTTP version, requested paths and user agent.

I understand the risks of doing so, and would like to hear about a solution.

Thanks in advance.

Security Level is just a Managed Challenge - unless they are legitimately bots or using extremely outdated browsers, they should still be able to open the website after a brief challenge page.

https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level

I’d have guessed as much, only that this challenge was triggered separately on a JS file and the user previously got a challenge on the HTML page where this script was embedded as well.

Instead of having users end up with a broken page, it’d be nice if I could skip the managed challenge entirely.

Try a firewall rule with the Bypass action, which will then allow you to select Security Level as a bypass ‘category’. You’ll want to scope it down to affected users, or just your static assets - up to you.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.