What is the name of the domain?
spedirepro.com
What is the error message?
Sorry you have been blocked
What is the issue you’re encountering
M2M communication are being blocked by Bot Protection
What steps have you taken to resolve the issue?
First method (failed): use page rules to disable Web Application Firewall on api paths
Second method (failed) (How to white-list certain URLs?): use WAF to “Skip all remaining rules” on api paths requests
Third method (successful) ("bot flight mode" + whitelisting) (How to whitelist my own bot - #2 by fritex): allowlist our VMs that make M2M communication, but that doesn’t cover requests from partners.
How can i allowlist urls from Bot protection?
The issue is when other providers try to communicate with our apis. Their requests are blocked by Bot protection.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
Website with Pro Plan.
Security → Bots → Configure Super Bot Fight Mode → Definitely automated → Block
Security → Bots → Configure Super Bot Fight Mode → Verified bots → Block
Send dozens of API calls to the website and you will get marked as a Bot and blocked.