My website is under some kind of bot traffic attac, spiking traffic on some URLs and from some particluar countries like USA. So I just set my site to use Cloudflare with these Challange captcha for all SSL/HTTPS traffic.

But as I remote publish posts via xmlrpc, which is not working anymore.

I tried allowing the IP address of VPS i remote post but no luck.
I’ve also created a page rule as:
Disable Security, Always Online, Security Level: Essentially Off

But still no luck

Could you please help me out here?

How did you do this?

I just setup a firewall rule of when incoming requests matches SSL/HTTPS then shows challenge captcha.

In that firewall rule you could exclude the file in question.

How do i do that, I tried but no luck or maybe I dont know how to do it.

Post a screenshot of your page rule and the full URL you want to exclude?

Rule.png982×489 6.38 KB

That’s the screenshot mate

and url would be www.example.com/xmlrpc.php , site has ssl though

In that case you simply “and” your current expression with (http.request.uri.path ne "/xmlrpc.php")

Oh man, I totally forgot about not equal condition!

Thanks a ton mate

This topic was automatically closed after 30 days. New replies are no longer allowed.