CloudFlare blocks my own processes


My WooCommerce website had a DDoS attack last night so I have set up Cloudflare this morning. It works well but the problem is that I have some processes that need to access the WooCommerce API and now they are blocked by Cloudflare. These processes are running in a VM that do not have a fixed IP Address so unfortunately I cannot use the IP Whitelist. I can however identify them thanks to their User Agent so I have added a WAF rule to allow these user agents but it does not work. I am calling the REST API to retrieve some information and instead I have in return an HTML page saying that Cloudflare is checking my browser.
Do you know how I could configure Cloudflare so that my jobs can bypass it ?

The activity log on will tell you what caused the challenge to be served.

If it’s Bot Fight Mode, your only options are disabling it or whitelisting the IP address - and since you can’t do that since the IP address isn’t fixed, only disabling it will work.

1 Like

Thanks @KianNH
It seems that my calls are blocked because of the Service “Security level” and the Rule ID riskyiuam_bot_score
Is there any way to white list a User Agent so that it can bypass this rule ?
I don’t want to remove this rule as it has also blocked a lot of malicious calls.

Make a Firewall Rule that matches your User-Agent, has the action of Bypass and then select Security Level in the bypass ‘options’.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.