Free Plan, enabled Bot Fight Mode, upgraded 2 Pro, now cant disable Bot Fight Mode

Describe the issue you are having:

I enabled Bot Fight Mode when I was on the Free plan, then upgraded later on and now I can’t disable it. I know it sounds a little crazy, but I have set a simple WAF rule that is not working as expected, I think, the Bot Fight Mode is still ON, even if the I set “WAF components to skip” “All Super Bot Fight Mode Rules” - because, according to the docs, you can skip the SBFM but not the BFM Get started with Bot Fight Mode · Cloudflare bot solutions docs

On the Free plan:

Now, when I visit Security > Bots


I clicked on Configure Super Bot Fight Mode, Allow all the items, and turn off everything

when I try to curl -I -X GET 'https://example.com/api/v1/something'

HTTP/2 403 
...
cf-mitigated: challenge
...
(with the body of the Challenge page)

If I bypass CF, I get a 200 - I did include a WAF rule to match a URI Path that contains /api/, no luck, tried also a User Agent that contains curl, also no luck.


When I checkout the CF-Ray ID in the security events, it says “skip” so the rule is working but I still get a challenge? it has to be the Bot Fight Mode right?

What error message or number are you receiving?
403

actually just found this topic Unable to deactivate Bot fight mode in the pro plan - #4 by user3996

Sadly, that didn’t fix my issue :confused: I wish there was a way that CF would tell you what exactly rule or logic blocked your request, maybe some debugging mode or so

So basically this is coming down to: Why does my Security > Event says Action taken “Skip” as requested by the WAF Rule, BUT in reality it gets a 403 with cf-mitigated: challenge header

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.