Disable JS challenge for API subdomain

If I use “I am under attack” mode, CloudFlare shows JS challenge for visitors for all subdomains.
My website has api subdomain, which redirects to backend server, www subdomain redirects to frontend server. I want to show JS challenge only on frontend server, but not backend.
How can I do this?
Thanks in advance!

Hi @mr_maks_cool,

You can either leave the global security mode, but change it for the subdomain via page rules, or you can take it off under attack mode and configure the JS challenge on specific hostnames via firewall rules.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.