I CANNOT Get rid of the Security Check

I have a sub domain, and a rules on it:

https://mysub.mydomain.com/*

SECURITY: ESSENTIALLY OFF

However, it is STILL asking for the Browser Security Check, they have to click the I’m not a Robot button.

This is HUGELY disruptive to our organization – how do I fix?

Hi @user2157,

Can you check your firewall events log to see if it shows what triggers the challenge?

Hrmmm

That is on of the rules in Cloudflare’s WAF, are you on a paid plan?

You can disable the WAF (or just that specific rule) if you want, but it is not recommended. Is it the same rule fired for every user?

Yes, seems so.

Also looks like another one of our admins might have disabled the other rules I added, or they didn’t save. So here it is now:

I know we should keep the firewall on – but our software is unuseable at the moment :confused:

That should work, but I would suggest you look into what is causing that rule to trigger. Maybe one of the other MVPs can assist with this.

1 Like

/course/modedit.php
/lib/editor/atto/autosave-ajax.php

These two URL’s are triggering it – probably for SQL injection attack – but they’re our staff members lol.

I added a buncha rules, they’re trying now.

This topic was automatically closed after 30 days. New replies are no longer allowed.