I’ve already sent support tickets in relation to this, but I am hoping I will get a quicker resolution here. I’m Under Attack Mode appears to be blocking all verified bots, including Googelbot and even your own heath checks. As soon as I activate it, your heath checks report a response code error, and soon after, I get messages from Google saying they are being blocked from indexing my site. I hope this can be fixed ASAP.
This is to be expected. Under attack mode will issue a challenge to all connections to your site that any automated tool will be blocked by. You can tune it with configuration rules.
https://developers.cloudflare.com/fundamentals/reference/under-attack-mode/
2 Likes
This isn’t how it has worked in the past - it never blocked Googlebot or Cloudflare’s own heath checks before. Is there a way to explicitly configure it to allow verified bots?
Instead of using “I am under Attack”, you could create a WAF rule with not cf.client.bot → Then take Action: Managed Challenge.
3 Likes
That’s a great suggestion! Thanks!
You also may need to add a rule to allow your healthchecks. We found even at medium security, Cloudflare would intermittently block its own health checks and logpush to our origins until we put an exception in the WAF for them.
1 Like
Yes see what under attack mode is Under Attack mode · Cloudflare Fundamentals docs and the section about using rules for more custom tailored protection via adjusting security levels Security Level · Cloudflare Web Application Firewall (WAF) docs (use greater that 0 threat score is under attack mode equivalent ) and as mentioned using known bots, cf.client.bot
To enable I’m Under Attack Mode for specific pages or sections of your site, use a Configuration Rule to adjust the Security Level.
To enable it for specific ASNs (hosts/ISPs that own IP addresses), countries, or IP ranges, use IP Access Rules.
1 Like
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.