Thanks! I use the regular/free account, i.e., the normal bot-fight mode. Your suggestion didn’t work, still, hstspreload tells me that my website is not redirected to https.
I have another domain which is on a cloudflare premium account with superbot-fightmode. Interestingly, here hstspreload works without any additional rule.
Regarding the regular bot fight mode, I just couldn’t figure out the ip, referrer or whatsoever to create an appropriate firewall rule. For the time being, I have disabled the botfight mode, but this is, of course, not a good solution.
Now you’ve jinxed me. They’ve changed user agent strings, and for the life of me, I can’t get my Allow rule to work.
I can only guess that my setup no longer works only because it wasn’t blocked by Bot Fight Mode, but my ASN block, so my exception worked before. But now the HSTS bot is tripping Bot Fight Mode, so Firewall Rules won’t work there. So much for that.
I know what you mean. I tried almost everything, couldn’t get it to work. Interestingly, with a pro account, it works, so there must be a rule which is automatically included in the pro super-bot option.