What is the name of the domain?
What is the error number?
xxx
What is the error message?
xxx
What is the issue you’re encountering
How to allowlist admins but not by using their IP addresses because are dynamic?
What steps have you taken to resolve the issue?
Our admins edit pages that sometimes contain Javascript. The JS is legitimate. Cloudflare’s Web Application Firewall (WAF) thinks that is an XSS attempt and blocks the admin. How do we allowlist admins so that they can edit pages with scripts?
-
We tried allowlisting by IP address but several of our admins are assigned IP addresses dynamically, so we end up changing the allowlist almost daily.
-
We tried adding a custom variable to the User Agent on admins’ browsers and having Cloudflare allowlist any request with that custom variable. But only Chrome has an extension to modify your user agent, and every time there is an update to Chrome the user agent changes,