Firewall does not like bypass or allow?

I have been using an integration for about 2 years with a company for shipping labels. All has been fine until about 4 days ago and something changed. The integration is failing. The best I can tell it is failing a managed challenge by a managed rule.

So I know they use the shiprush agent and so I put a new rule to allow if it is shiprush agent. I then tried a second rule to bypass if the agent is shiprush. It still fails.

So then I disabled managed rules - still fails.

The question is, when i put bypass on the FW rules, why does it still run the managed rule test? It always shows me 3 entries in the log in the same second. the one for the allow, the one for the bypass and the one for the managed rule.

And then it fails and I assume because the integration can not pass a challenge

So is there another way to whitelist or something beyond the allow and bypass?

What’s causing the challenges in the firewall activity log - managed rules or bot fight mode?

It my be fight bot mode - because things are better now that I shut it off.

But in the logs it does say

26 Apr, 2022 19:07:49 Managed Challenge United States 52.185.208.65 Managed rules (new)

OK - so if it is fight bots and says managed rules - that is a minor issue.

The question is then, is there a reason that bypass and allow rules do not override this rule? And is there a reason my shipping integration is now included in the bad bot rules?

Right now my only option is do disable bot protection to do my shipping labels.

So bot fight mode cannot be overridden because it runs earlier than the WAF, and so therefore blocks anything before the WAF has the chance to add a Bypass.

I’d recommend disabling Bot Fight Mode and then using your own rules to block malicious activity (for example, matching on Threat Score). Without Enterprise you cannot get bot score within a Firewall rule.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.