How do I stop these puzzles from showing up while working on site?

We set up the $20 dollar Cloudflare plan on our site some time last week.

Myself, and others, who work on the site’s backend continue getting these authentication puzzles popping up (“select all images with a bicycle”), every 15 minutes or so.

I tried adding our IP address to the firewall settings, but didn’t help.

How can I turn this off, just for us, so that we can work without continued interruption from this?



These are CAPTCHA challenges and your firewall event log should tell you why they appear.

Then you can adjust your settings or whitelist addresses.

1 Like

Thank you Sandro, trying to figure out how to whitelist. Create Firewall Rule?

And excuse my ignorance with these questions, but then I select IP Source Address? (that’s same as IP address?)

Then select “Bypass”? And I don’t see CAPTCHA as an option to Bypass. Bypass “Browser Integrity Check”?

Thanks for the extra guidance here.

You could do some adjustment with a firewall rule too, but you should first establish what issues the challenges.

Look for one of the blocked requests in the list and post a screenshot of its details.

You could also whitelist entire address blocks at but it’s best to first establish why the proxies challenge in the first place.

Are you the US requests? In that case you’d need to tweak WAF. Either disable it, or skip it for some addresses, or disable that particular rule → details once more.

I’m the US version (well few of us here) and Venezuela is someone else working on site as well

In that case you are connecting via IPv6 and you’ll need to whitelist that address instead. Venezuela goes via IPv4.

Open one of those entries and post the details.

I see large parts of IP are the same between visits, but then the string has a bunch of different numbers at the end

But these are your requests, right?

You can adjust WAF at

yes, these are my requests. I’m confused now though, this is a new page (and I can’t make sense of where to go). Thought I whitelisted the ips somewhere else? Also, up to what character do I put the IP?

Do you have a fixed set of addresses to begin with?

Yes, actually I do, seeing different IPs, but repeating characters. Can use those

Where do I enter them?

Then you’d whitelist them at

You can also set up a firewall rule

1 Like

Awesome, will try this. Thank you

Be aware that if you create the rule as listed then ANY access from ANY IP address will bypass WAF Managed Rules.

You should really specify your static IP addresses in the IP Tools which will automatically bypass the whole thing but only for you and your team.

Sure, there is no check in that rule, but if the IP addresses change the IP rules will be of little help and whitelisting the path is the most reasonable option short of disabling WAF altogether.