My users get blocked after i added cross subdomain analytics
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
When i go from one of my subdomains that drops the cookie, to another one of my subdomains, Cloudflare blocks me. When i clear the cookies, it works again.
I found the cookie causing a problem (its structure has multiple symbols), is there a way to allowlist that specific cookie ? That way i don’t have to decrease my PL.
Thanks in advance for your help, it is much needed.
If the block is coming from Cloudflare, then you can create a WAF custom rule checking for the if the request contains the cookie in question to skip the remaining custom rules under this skip rule.
If the block is coming from a managed ruleset and not from a custom rule, then I would recommend configuring a WAF exception instead. It is important to note that skip/exception rules should be placed above the rules you want to skip, otherwise they will not work as expected.
Below are some documents that should help you with this: