Also notice that cloudflare has many known bots include those that acts as monitor for example those for check speed etc I have a similar issue time a go and it was the automatic bot check of wordpress that constantly checks my site and another from a security website scanner and so on
So what I did is that if there is a known bot but the ASN is not from Facebook, Google Yandex Baidu or Microsoft block the request and that solve the problem Google bot bing bots and yandex bots are able to bypass but the other ones are just blocked.
Of course I did that just for an specific page the other ones I just leave as it. Also I did huge blacklist of ASN for example OVH allow many bad traffic from their networks because they operates VPN tor and many malware websites so I just block the ASN of OVH and suddenly a huge amount of bots and bad traffic disappeared because most of then were coming from the OVH network so it takes time to take advantage of the cloudflare firewall but once you find a way to adapt it to you needs the your life will become easy
So I suggest to check the cloudflare firewall logs to see who is sending so many traffic to that specific page
Maybe there is a known bot bypassing the challenge.