On my settings, Tor visitors are submitted to a captcha challenge, whatever the request. Some of them solve the challenge. Does this create a waf whitelist for them ? [image]

Does solving the challenge because of Tor allow a log4j attack?

Website, Application, Performance Security

eva2000 December 22, 2021, 5:50pm 4

The screenshot says Action Taken = Managed Challenge so that means the request didn’t pass the challenge from what I understand so the request would get 403 permission denied .

Topic		Replies	Views
What is the "Managed Challenge" Action in a Firewall Rule? Security	2	4410	December 27, 2021
Challenge Passage for WAF Feature Request Submitting & Feedback	5	2355	September 8, 2023
Managed challenges seem to sometimes allow users to bypass my custom rule Rules	3	1706	June 11, 2023
There is wrong action taken on firewall rules. It does take JS challenge instead of configured Legacy Captcha Security	3	1079	December 20, 2022
My Firewall Rule is set to "Legacy CAPTCHA" but the connections caught in the firewall still shows "Managed Challenge'? Security	2	2616	February 10, 2022

Does solving the challenge because of Tor allow a log4j attack?

Related topics