How to whitelist urls from bot protection?

What is the name of the domain?

spedirepro.com

What is the error message?

Sorry you have been blocked

What is the issue you’re encountering

M2M communication are being blocked by Bot Protection

What steps have you taken to resolve the issue?

First method (failed): use page rules to disable Web Application Firewall on api paths
Second method (failed) (How to white-list certain URLs?): use WAF to “Skip all remaining rules” on api paths requests
Third method (successful) ("bot flight mode" + whitelisting) (How to whitelist my own bot - #2 by fritex): allowlist our VMs that make M2M communication, but that doesn’t cover requests from partners.

How can i allowlist urls from Bot protection?

The issue is when other providers try to communicate with our apis. Their requests are blocked by Bot protection.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Website with Pro Plan.

Security → Bots → Configure Super Bot Fight Mode → Definitely automated → Block
Security → Bots → Configure Super Bot Fight Mode → Verified bots → Block

Send dozens of API calls to the website and you will get marked as a Bot and blocked.

Screenshot of the error

If you have a Pro Plan with Super Bot Fight Mode you can configure WAF custom rules to skip SBFM for your API hostname, URL and/or customer IP addresses.

Check the reason for the block in your security event logs and craft WAF rules as needed to allow access in as restrictive a way as you can…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

3 Likes

Hi @sjr and thanks for the reply!
What value should i set here for WAF components to skip step?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.