Huge Problem with FavIcon HotLink Protection


In the last Days i got a huge surge in FavIcon HotLink Protection Firewall Blocking for my Website FavIcon.

I think main Reason for this surge in FavIcon HotLink Protection Firewall Blocks
is some Kind of Prealoading of the Website by Webbrowsers
or Rich Snipet Embeded on external Websites.
This Blocking by the Firewall should not Happen for the FavIcon as no other Resources else
are HotLinkProtected and reported !

Its Only the FavIcon that get blocked by the Firewall this is clearly bad and i dont want this to happen.
Its clearly a False Positive Block.

I want to Disable this False Positives FavIcon HotlinkProtection.

I have read the Forum and found a Soltion how to disable HotLink Protection for the FavIcon by creating a Firewall Rule and set the Uri Path to be allowed.

While this Works for the Majority of Acesses there is still
HotLink protection for this Resource is still reported in the Firewall and the FavIcon gets still HotLink Protected even it should be Not !

Can Somebody Please Help with this Strange False Positive Blocking by the Firewall !

I also created a Page Rule to disable the Security for this Resources but it does also not help to create a Hole for the HotLink protection for this Resource.

Thanks a Lot for the Help!

The Firewall Rule to Disable the Hotlink Protection does
clearly not work for all Acesses.

Some newer Webbrowsers and Operating Systems are getting Blocked
still but should be not.

See User Agents in the Picture.

Why not change the “Allow” to a “Bypass” for hotlink protection?


May I ask in terms of a Firewall Rule with the action Allow from above screenshot, does it show both Allow events or rather a Block events due to the Hotlink protection option being enabled?

Is this shown for the normal users or rather some partner Websites, if so?

In case we need some help a bit from articles:

1 Like

Hi sdayman !

Thank you very much for your fast Reply.

I studied the Docs here and came to the conclusion to use
“Allow” instead of “Bypass” becouse as written

" Requests which match the Bypass action are still subject to evaluation (and thus a challenge or block) within Firewall Rules

My understanding is that “Allow” Action is the best choice to avoid additional Firewall Checks but i may be wrong

  • Matching requests are exempt from challenge and block actions triggered by other Firewall Rules content."

I changed it now to Bypass and will report back.

1 Like

Hi fritex.

It show both the Allow events and Block Events in the Graph Picture but also
in the Overwie List beside the Block Reports it show also the Allow reports.

Its for my personal website no partner website.

Hi sdayman.
Hi fritex.

Just wanted report after switching from allow to bypass
that now no more firewall blocks appear for the favicon resource.

The Solution is to use bypass action instead of allow action.

Thanks a lot for the Help.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.