Inconsistent Firewall Behavior Blocking Dropmysite Bot

I’m “under attack” mode.

I’m experiencing an issue with my website’s firewall configuration, where the Dropmysite bot is being inconsistently blocked even though I have a custom firewall rule in place to allow it. I would like your assistance in resolving this issue.

The Dropmysite bot uses the following User-Agent: “Dropmysite Monitor/1.0; +https://www.dropmysite/en/monitor” and has the IP address is determined in the Firewall Skip rules.

I have created a custom firewall rule called "Known IPs " to allow the bot to access my website without being blocked. However, I’ve observed inconsistent behavior in the firewall events. In one instance, the bot was blocked by a Managed Challenge with the Rule ID “riskyiuam_bot_score”, while in another instance, the bot was allowed to access the website with the action “Skip” due to the custom rule “Known IPs”.

Here are the details of both firewall events:

Blocked by Managed Challenge (riskyiuam_bot_score):
    Date: Mar 25, 2023, 12:09:56 PM
    User-Agent: Dropmysite Monitor/1.0; +https://www.dropmysite/en/monitor

Allowed by custom rule (IPs conhecidos):
    Date: Mar 25, 2023, 12:09:56 PM
    User-Agent: Dropmysite Monitor/1.0; +https://www.dropmysite/en/monitor

I would like to know why the custom firewall rule “Known IPs” is not consistently allowing the Dropmysite bot to access my website and how I can resolve this issue. I have tried reordering the firewall rules and adjusting the security level, but the issue persists.

Would this fit your needs?
Leave the Known IP firewall rule in place and move it to priority one. In priority two, make a firewall rule that throws a managed challenge at all requests (Almost the same thing as under attack mode).

That’s a ood idea. Why is this ‘almost’ the same thing?

I believe UAM has more features enable than just a managed challenge but I am not entirely sure.