Firewall Rule Not Stopping JS Challenge


I’m on the free plan (not sure if this is my downfall??) and I’m trying to allow a proxy through my site that is sending the request with a specific HTTP header name, let’s say “X-Test” and the value is “1”

I have the following rule:
any(http.request.headers.names[][] contains “X-Test”) - Allow

Still the requests with that header set are getting a Bot challenge. If I disable the “Bot Fight Mode” all starts working again.

Any help or pointers would be much appreciated.

Most likely, this is another example of a lack of bypass for the Bot Fight feature.

Have you tried a more straightforward Allow rule, such as IP address or ASN?

Thanks for your reply. I didn’t know that the bypass of Bot Fight was not possible! That would explain the issue! I thought bypassing the “Security Level” would let it through any bot protection.

I have tried with ASN and still the Bot Fight is still not bypassed.

Is there an open feature request for bypassing Bot Fight?

Turn it off.

1 Like

Yep, I think you’ve hit the nail on the head there! :+1: :grinning:

The problem with turning it off is that then the site gets hammered by bots. I’ll have to find a different tactic for them.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.