Custom rule with skip action doesn't work

I added a custom rule that skips all the WAF components, but it seems that it doesn’t work. This custom rule skips all the WAF components for source IP 54.236.101.194

But traffic from 54.236.101.194 is still being blocked

{
    "action": "block",
    "clientASNDescription": "AMAZON-AES",
    "clientAsn": "14618",
    "clientCountryName": "US",
    "clientIP": "54.236.101.194",
    "clientRequestHTTPHost": "api.fanzen.com",
    "clientRequestHTTPMethodName": "POST",
    "clientRequestHTTPProtocol": "HTTP/1.1",
    "clientRequestPath": "/api/live-stream/antmedia-webhook",
    "clientRequestQuery": "",
    "datetime": "2023-07-05T08:13:33Z",
    "rayName": "7e1e263b6c5982ff",
    "ruleId": "874a3e315c344b1281ad4f00046aab6f",
    "rulesetId": "48ba18287c544bd7bdbe842a294f1ae2",
    "source": "firewallManaged",
    "userAgent": "Apache-HttpClient/4.5.13 (Java/11.0.17)",
    "wafAttackScoreClass": "clean",
    "matchIndex": 0,
    "metadata": [
      {
        "key": "ruleset_version",
        "value": "7"
      },
      {
        "key": "version",
        "value": "6"
      },
      {
        "key": "type",
        "value": "customer"
      }
    ],
    "sampleInterval": 1
}

I believe the Ruleset 48ba18287c544bd7bdbe842a294f1ae2 and Rule 874a3e315c344b1281ad4f00046aab6f correspond to Bot Fight Mode, which you cannot skip. Your only options would be to disable Bot Fight Mode for your entire domain, or upgrade to Pro, which has Super Bot Fight Mode, which you can skip. Cloudflare has stated before that they plan to eventually support skipping normal Bot Fight Mode as well: Super Bot Fight Mode is now configurable!


We are already in Pro, and judging by the check-box “All Super Bot Fight mode Rules” on the attached screenshot of the custom rule, there is a possibility to skip it