Firewall events still list every request after challenge


#1

Currently the list of firewall events shows every single resource request for requests which were originally challenged (JavaScript, possibly also captcha) but have already passed the challenge successfully on the first request. That kind of floods the event list.

@cloonan @cscharff @alexcf


Blocked user-agent being wrongly whitelisted
#2

Just tested, captcha too.


#3

I promise, I am not imagining things, am I? :confused: :wink:

Nobody comments on that?


#4

You’re probably imagining things. What’s the firewall rule you’ve set up? I’d like to add one to a test site to see what happens.


#5

What makes you think I do? The rule shouldnt matter, set up one which challenges you based on your IP address, for example, and you will get entries for each single resource request, despite having passed the request already with the root request.

Again, the shown list originated from one single successful page load. There is not much room for imagination.


#6

Ok, it’s not your imagination. I just added a Firewall Rule that contains the hostname, then JS Challenge.

After pausing for the JS Challenge, it fully loaded the page.

So…yeah…why did it log a challenge when only the first URL triggered it? I’m guessing it’s a bug with how Firewall Rule matches get logged.

If I change my rule to only match a path of “/”, naturally only one event gets logged and the page still loads fine after the challenge.


#7

What I have been saying for a year :wink:

Any fix?


#8

Maybe when they revamp the Firewall Events Log they’ll fix it. :crossed_fingers:


#9

@alexcf


#10

Bumpydibump, @alexcf


#11

This logging behavior should definitely change. I’m also very annoyed that the Allow rule for known bots gets every known bot visit recorded, though I understand why it is recorded.

When you add to the equation the fact that the firewall events search often doesn’t work, this all make the log almost useless. One has to browse the results page after page for several pages to get a feeling of what’s relevant (blocks and challenges) for any given day.


#12

A custom filter would be nice…or at least an un-filter to mute out the most annoying and useless alerts.


#13

I feel properly ignored at this point :disappointed:


#14

@floripare and I have thoroughly enjoyed your monologue. :grin:


#15

floripare, not sandro? :smile:

If it hadnt been for you and floripare, I would have been all talking to myself :+1: :crazy_face:


#16

We’ve been your audience. You’re doing great! :clap::clap::clap::clap::clap::clap::clap::clap::clap::clap::clap:


#17

:bowing_man:t2:

Though, if there’d be any sort of feedback I’d still appreciate it much :smile:. Any, @cloonan, @alexcf? :pray:


#18

I have only been reading along, sorry @sandro :joy::stuck_out_tongue_winking_eye:


#19

I realised that Matteo, I realised that :sob: :crazy_face:

Lurker! :laughing:


#20

Don’t worry, I have my own Cloudflare employee who is somewhat ignoring me :sweat_smile: