Hello,
I enabled the ‘Under Attack’ mode for my site.
I created a custom rule in WAF.
When the referrer is from google.com and the country is Canada, I set the security level to ‘SKIP’.
But when I test the site from Google results, Cloudflare captcha is still active and this rule does not work at all.
Thank you for your help.
(http.referer contains “google.com” and ip.geoip.country eq “CA”)
Under attack mode is an easy button to provide a challenge for all inbound requests. It applies globally. If you want to enable it selectively, you’ll need to diable the Global rule and create a selective rule to apply.
I disabled the ‘Under Attack’ mode based on your suggestion. Then, I created a rule for all continents to have challenges, and another to skip requests with referrer=google.com. Now, my WordPress site loads the page content, but none of the JavaScript, CSS files, or images load. It appears as basic HTML. When I check the network tab in Chrome, all these resources show a 403 error. I also created additional rules to skip GET and POST requests from Google visitors, but they have no effect. Could you please test this scenario with a sample rule?
Thankful
I use the free version and I can’t utilize the ‘Custom Pages’ option for Managed Challenge / ‘I’m Under Attack Mode™’ use or management
