What is the name of the domain?
0
What is the issue you’re encountering
API calls blocked due to BOT cheks
What is the current SSL/TLS setting?
Off
What are the steps to reproduce the issue?
I am seeing a bot scans which are succesfuly handled (challenged or blocked) by cloudflare.
the problem is that for the api, there are some genuine callers. im not able to allow them. i have added a custom header which is coming in call, and on top of which i have added a custom WAF rule to skip. but apparently it just does not work. the calls are still challenged. since the response returned in case of challenge is html, the call fails.
i saw in one of the pot to add ASN or ip address, i can not do that. all the attacks i see now are using google, microsoft or amazon ASNs. if i allow any amazon aws ASN for my case it works, but, then it allows everything else as well. any insights on how this can be done ?