DDOS ATTACK from all geos - want specific traffic to skip

What is the name of the domain?

tadawoul.com

What is the error message?

server down

What is the issue you’re encountering

DDOS ATTACK from all geos - want specific traffic to skip

What steps have you taken to resolve the issue?

Applied WAF custom rule to give managed challenge to all.
I tried to let specific traffic through with FULL URI containing a specific query string (for example allow=1). The problem with this solution is that it allows only the first request, so the page loads, but all assets (images, JS, etc.) get blocked.
Is there a way to allow all requests from a visitor if he entered the website with (allow=1) in his URI, and not only the specific request with allow=1?

What is the current SSL/TLS setting?

Full (strict)

A challenge sets a cookie on the first request so does what you want anyway.

Apart from rate limiting, the WAF is stateless so each request is handled on its own merit.

Try this guide which shows you how to tune the WAF to block attacks…

I’m asking because it doesn’t.
I did add managed challenge to all traffic where the URI doesn’t contain allow=1.
What happened is that if you have allow=1, the first request - loading the HTML - would pass, you wouldn’t get to solve a challenge at all, and the rest of the same page's requests (images / js / css / etc.) would get a 403 error - blocked by Cloudflare.
What I want to do is when the first request has allow=1, all other requests from same visitors pass the filter as well.

When you pass a managed challenge, you don’t need to pass another one for a time period. By default that is 30 minutes and is configured as here…

If you want to write your own system that detects allow=1 and permits it for some time (as I said, the WAF is stateless), you will need to use a Worker maybe with some state storage or cookie setting, or maybe a Snippet that sets/checks cookies.

That's the problem: since the pageview traffic with allow=1 skips the managed challenge altogether, the first request (which could do a challenge) skips, but all the others (images/css) get 403 - blocked.
Is there a way, maybe using a Worker or tweaking the rule, to fix that?
