How to force firewall captcha

I added firewall rule and set action Challenge (Captcha) - 2021-12-23_11-41-56.png — Яндекс.Диск
But mostly Cloudflare checks browser and doesn’t show captcha - for good user it looks like this 2021-12-23_11-35-09.png — Яндекс.Диск

I have a huge bot traffic on my site (more than 3000 visits per day) and bots look very similar with real users - have real user agent, cookies and other (it is for cheating behavioral factors for Yandex search engine). So they pass browser check and don’t see captcha like they are real visitors.
So firewall is useless

How can I make this rule to show captcha everytime for everyone?

1 Like

Narrow it down to only checking the Path. Get rid of the Referer check, but keep the Known Bots exception. And make sure it’s the first rule in your list.

In that case all traffic, including seo from google and yandex will see captcha. It’s bad

No, that’s why you leave the Known Bots exception in there.

I mean not Yandex or Google bots. I mean real good users of my site - each of them will have to solve captcha - its bad, very bad. I want to show captcha just for direct traffic on my site. How can I do this?

That’s not what you asked:

That’s the JS Challenge. But you want them to get a CAPTCHA instead?

If so, take a look at the Firewall Events Activity Log. That JS Challenge should show a Ray ID at the bottom that you can search for in Firewall Events to see which setting is causing that.

I ment - for everyone with my settings - referrer equals “”
It means that rule must work just with direct traffic
But the problem is in captcha - it doesn’t show captcha to direct traffic

I will repeat again:
I want to show captcha, not js challenge and just for direct traffic.

As I said:

Ray ID is different in each entry. For example 2021-12-23_22-44-00.png — Яндекс.Диск
2021-12-23_22-44-20.png — Яндекс.Диск
I don’t understand what to do with this Ray ID


Filter for Ray ID:

YES, just ONE entry for each ray ID
look 2021-12-23_22-47-53.png — Яндекс.Диск

I’m unable to trigger a CAPTCHA. I also get the JS challenge only.

Is that the first Firewall Rule in your list? The Expression in your screenshot doesn’t match the the first screenshot in your first post.

Yes, it’s the first rule 2021-12-23_23-01-39.png — Яндекс.Диск

The expression is 2021-12-23_23-02-13.png — Яндекс.Диск

Me too)

Please open a ticket through email to: support AT cloudflare DOT com

Post the ticket # here as soon as you get the autoreply so we can escalate it.

Got it


1 Like

Ok, I’ve added that ticket to the escalation queue.

1 Like

Also can you explain for me the difference between Challenge (Captcha) and Managed Challenge?

Good question. I don’t recall a definitive answer, and the answers I have seen contradict each other.

One opinion, based upon Enterprise logging is that it’s a challenge that was not completed/solved.
Another option is that it’s a challenge that wasn’t triggered by a firewall rule, but yours clearly was.

I didn’t get any response on my ticket.

It’s probably going to take a few days, as many are taking time off to spend time with their families during the holidays.