Answer these questions to help the Community help you with Security questions.
Have you searched for an answer? Yes Describe the issue you are having:
When a CAPTCHA challenge or Managed Challenge is configured, and some successfully passes the challenge, there should be a way to reset all challenges, requiring those who had previously solved he challenge (and who match the WAF rule) to do so again. How can this be accomplished?
To reset WAF challenges, you can modify the expiration of the challenge cookie. Go to your Cloudflare Dashboard > Security > Settings, and edit “Challenge Passage”. This is the duration (in minutes) that a successful challenge response is valid. By reducing this value, you’ll require users to complete the challenge more frequently.
Thanks, however it appears that this doesn’t apply to WAF: The help screen says:
" Why doesn’t the TTL apply to the WAF?
Challenge passage does not apply to challenges issued by the WAF (Web Application Firewall) as these challenges are not based on the visitor’s IP address reputation."
Thank you. I was wondering, if you do quickly change a WAF rule to ‘Block’, and then back to ‘Challenge’, does this accomplish the same thing (force all previously passed challenge users to solve the challenge again) ?