Hi community and experts, your advice is highly appreciated.
I’ve enabled ‘under attack mode’, plus created few firewall rules based on user agent with the CHALLENGE (captcha) action. From what I see in my access logs (and google analytics) - there is still traffic accessing the site. In the access logs I don’t see CF token in the URI by the way.
I am thinking, there are ways to bypass CF (in example manually set-up NS) right… But how can I improve the situation and ensure everything goes through CF?
Relates to the previous topic: How to understand and tweak rules based on captcha success rate