An Azure workflow is trying to access one of our APIs but keeps getting blocked (403 with bot challenge). I can also see these requests in Security → Events, the Service is “Bot fight mode”.
I added a firewall rule to skip the firewall for the specific IP but the requests are still blocked, 5 days after I created the rule.
You can’t skip Free Bot Fight Mode. Pro or above has Super Bot Fight Mode which you can skip there, but not free’s Bot Fight Mode. It is eventually planned to be able to skip the free version, as per the blog post: Super Bot Fight Mode is now configurable!, but no ETA or more information yet.
Important considerations you need to be aware of before turning on BFM or SBFM
BFM and SBFM are high security features intended to quickly help customers under active attack stop as many bots as possible. Due to the high security threshold, false positives do sometimes happen.
BFM has limited control. You cannot bypass or skip BFM using the Skip action in WAF custom rules or using Page Rules. BFM will be disabled if there are any IP Access rules present. If you turned on BFM during an attack, and the attack has subsided, we recommend either disabling the feature using IP Access rules to bypass BFM, or looking at Bot Management for Enterprise, which gives you the ability to precisely customize your security threshold and create exception rules as needed. FAQs · Cloudflare bot solutions docs
You can disable it entirely, but nothing else. As per the article above, it is recommended to enable BFM while under attack and disable it otherwise.
If you are on Pro or higher with Super Bot Fight Mode, I’d double-check that your custom rule will match, for example if your Azure workflow has IPv6 and you’re only allowlisting IPv4. The Security Event should show the IP and other information.
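A quick way to check the IPv4/IPv6 mismatch described above, as an added example that is not part of this thread: feed it the entries from your allowlist rule and the source IPs shown in Security → Events, and it reports which events no entry covers. The allowlist entries and event addresses below are constructed samples.

```python
import ipaddress

# Constructed sample: entries as they might appear in an allowlist rule
# (IPv4 only here, which is exactly the mismatch the reply above warns about).
ALLOWLIST = ["203.0.113.10", "203.0.113.0/28"]

# Constructed sample: source addresses as shown in Security -> Events.
EVENT_SOURCES = ["203.0.113.10", "2001:db8:85a3::8a2e:370:7334", "198.51.100.7"]


def parse_allowlist(entries):
    """Turn plain IPs and CIDRs into network objects (a bare IP becomes /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def unmatched_sources(allowlist, sources):
    """Return {event_ip: reason} for every observed source no allowlist entry covers."""
    nets = parse_allowlist(allowlist)
    misses = {}
    for src in sources:
        addr = ipaddress.ip_address(src)
        # An IPv6 address can never match an IPv4 network (or vice versa),
        # so report a missing address family separately from a plain miss.
        same_family = [n for n in nets if n.version == addr.version]
        if not same_family:
            misses[src] = f"no IPv{addr.version} entries in allowlist"
        elif not any(addr in n for n in same_family):
            misses[src] = "not covered by any entry"
    return misses


if __name__ == "__main__":
    for ip, reason in unmatched_sources(ALLOWLIST, EVENT_SOURCES).items():
        print(f"{ip}: {reason}")
```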
Turns out that instead of a “Custom Rule” allowlisting the IPs I had to add them to the “IP Access Rules” in the “Tools” tab. Now those IPs no longer see the bot protection page.