Firewall Rules has the option to me to create a bypass rule for WAF, but it doesn’t work.
WAF is blocking some POST requests to /wp-json/, which breaks Gutenberg editor. What i need is to bypass requests from users that have a login cookie.
I tried that, but it doesn’t work. Then i thought it might be a cookie issue (maybe CF doesn’t see the cookie?), and i tried bypassing the IP… and it didn’t work either.
So my question is: does this bypass rule even work? Is this a bug?
In this case, that would be the only way for me to fix the problem. I can’t disable the Rule ID, because it is blocking legit attacks. And my employees use dynamic IPs, so i can’t bypass in the Tools tab, either.