CF blocks js and css of main page

Images, css, js are blocked at the page, but if I go to the next page by any link on page, JS chalenge starts and then I see the page as usually with images, js, css.
how to fix it?

Изображения, css, js блокируются при первой загрузке страницы, но при переходе по любой ссылке на страницу запускается js challenge и далее сайт загружается нормально, если вернуться на стартовую страницу, то с ней уже никаких проблем нет.

что это может быть? как можно исправить это?

That would suggest that your browser loads the resources of the page before it loaded the page itself (because then it would have already passed the challenge).

The only time this could be true is if the page itself was cached by your browser, but none of its resources and when you load it, it loads the page from the cache and then tries to load the resources. The latter will fail because the challenge has not been passed yet.

This scenario is rather unlikely but if that is what’s happening, you can only adjust your caching instructions or disable the challenge. The challenge is HTML content and no browser will complete it when it expects media content.

What’s the URL where you can reproduce that?

the errror is at the main page of kovinov.com

It seems you configured a challenge specifically only for resources. That cannot work.

Post a screenshot of your firewall rules.

  1. (cf.client.bot) or (http.user_agent contains “Mail.RU_Bot”)
  2. (http.request.uri.query contains “utm_source”)
  3. (not http.request.version in {“HTTP/2” “HTTP/3” “SPDY/3.1”})
  4. (not http.referer contains “youtube.com” and http.referer ne “”)

It will be rule #4 but rule #3 is not necessarily advisable either.

thank you, what is wrong with rule #4? we have a lot of bot traffic that is shown in analytics as traffic from other websites, but its not a real people. could you help how write it properly?

Have a look at it, you are challenging every request that comes with a referrer. So the current behaviour is expected. I would drop rule #4 altogether and also reconsider whether you really want to challenge HTTP 1.1. requests.

I deleted the part * http.referer ne “” * in the rule#4, looks like it works, yes. I will check it in 24 hours again

rule#3 - there are a lot of requests with http 1, chnged it to
(not http.request.version in {“HTTP/2” “HTTP/3” “SPDY/3.1”} and http.referer eq “” and not cf.client.bot)

Now you essentially require a Youtube referrer. Not sure if you want that.

Referrer blocking generally is not very reliable, but if you really want to go that route, you need to include your own domain in the whitеlist.

Also, are you absolutely sure these HTTP 1.1 requests are not actual visitors? Most mainstream browsers do support HTTP 3, but 1.1 is still far from uncommon.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.