Disable security for certain urls

Hello!

I have these endpoints that look like this subdomain.domain.com/api* that need to be cleared off from the security checks (currently I’m getting the JS challenge as a response when I try to make requests). I tried adding a firewall rule that looks like this (Screenshot - 8f769443cedefb1ee3be424f1e948846 - Gyazo) and also a page rule that has the url written as “subdomain.domain.com/api” and then the settings are set to “Disable security”. However I still can’t access those endpoints. Can you please assist me with this?

Try changing that Firewall Rule’s “Allow” to a Bypass for WAF and/or Security Level.

1 Like

Still no luck :frowning: I’ve added everything in the “Bypass” like in the screenshot.

Take a look at the Firewall Events log to see why those requests aren’t making it through. Log entries should show which security setting is stopping those requests.

1 Like

Where can I do that? I’m on the “Pro” plan.

https://dash.cloudflare.com/?to=/:account/:zone/firewall

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.