DDOS ATTACK from all geos - want specific traffic to skip
What steps have you taken to resolve the issue?
Applied a WAF custom rule to give a managed challenge to all.
I tried to let specific traffic through with a full URI containing a specific query string (for example allow=1); the problem with this solution is that it allows only the first request, so the page loads, but all assets (images, JS, etc.) get blocked.
Is there a way to allow all requests from a visitor if he entered the website with (allow=1) in his URI, and not only the specific request with allow=1?
I’m asking because it doesn’t.
I did add a managed challenge to all traffic whose URI doesn’t contain allow=1.
What happened is that if you have allow=1, the first request (loading the HTML) would pass and you wouldn’t get to solve a challenge at all; the rest of the same page's requests (images / JS / CSS / etc.) would get a 403 error - blocked by Cloudflare.
What I want to do is, when the first request has allow=1, have all other requests from the same visitor pass the filter as well.
When you pass a managed challenge, you don’t need to pass another one for a time period. By default that is 30 minutes and is configured as here…
If you want to write your own system that detects allow=1 and permits it for some time (as I said, the WAF is stateless), you will need to use a Worker maybe with some state storage or cookie setting, or maybe a Snippet that sets/checks cookies.
That's the problem: since the pageview traffic with allow=1 skips the managed challenge altogether, the first request (which could do a challenge) skips, but all the others (images/CSS) get 403 - blocked.
Is there a way, maybe using a Worker or tweaking the rule, to fix that?
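
The cookie approach suggested in the reply above, as an added example that is not part of the original thread or Cloudflare's own code: the first request carrying allow=1 gets a signed, expiring pass cookie, and the follow-up requests (images, JS, CSS) pass when that cookie verifies. The cookie name, secret, client identifier and 30-minute lifetime are assumptions, and it uses Node's `crypto` module so it runs stand-alone.

```javascript
// Added example: decision logic a Worker or Snippet could apply per request.
const { createHmac, timingSafeEqual } = require('node:crypto');

const COOKIE_NAME = 'ddos_pass';   // hypothetical cookie name
const TTL_SECONDS = 30 * 60;       // assumption: same length as the default challenge pass period

const sign = (secret, payload) =>
  createHmac('sha256', secret).update(payload).digest('base64url');

// Token = "<expiry>.<HMAC(expiry|clientId)>"; clientId (e.g. client IP) binds it to one visitor.
function issueToken(secret, clientId, nowSec) {
  const exp = nowSec + TTL_SECONDS;
  return `${exp}.${sign(secret, `${exp}|${clientId}`)}`;
}

function verifyToken(secret, clientId, token, nowSec) {
  const m = /^(\d{1,12})\.([A-Za-z0-9_-]{43})$/.exec(token || '');
  if (!m) return false;                       // malformed or missing
  const exp = Number(m[1]);
  if (exp <= nowSec) return false;            // expired
  const expected = Buffer.from(sign(secret, `${exp}|${clientId}`));
  return timingSafeEqual(Buffer.from(m[2]), expected); // both are 43 bytes here
}

function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// Returns { action: 'pass' | 'challenge', setCookie?: string } for one request.
function decide({ url, cookieHeader, clientId }, secret, nowSec) {
  if (verifyToken(secret, clientId, readCookie(cookieHeader, COOKIE_NAME), nowSec)) {
    return { action: 'pass' };                // asset requests land here
  }
  if (new URL(url).searchParams.get('allow') === '1') {
    const token = issueToken(secret, clientId, nowSec);
    return {
      action: 'pass',                         // entry page: pass and hand out the cookie
      setCookie: `${COOKIE_NAME}=${token}; Max-Age=${TTL_SECONDS}; Path=/; Secure; HttpOnly; SameSite=Lax`,
    };
  }
  return { action: 'challenge' };             // everyone else keeps getting challenged
}
```

The signature stops a cookie from being forged or having its lifetime extended; it does not make the allow=1 value itself a secret.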