I have a list of bad ASNs, still dont prefer to block in order to avoid the chance of blocking legit end users. For this FW rule, I dont care about user friendly (managed challenge).
I read that managed challenge applies small non-interactive challenges and evaluate then the traffic might pass without applying visual puzzle. while, in the interactive the visual challenge will be applied.
So, is it correct that interactive challenge is the hardest for BOTs and other none end user to solve ? in other words, initial series of small challenges VS visual puzzle. which is harder for BOTs to solve?
Most bots will have a hard time both with Managed Challenge and Interactive Challenge. The Interactive appears to be more effective. But that don’t means that you’re safe from every bot as there AI Based bots that can solves theses challenges and services like 2captcha.
Then proceed with your plan. But I still recommend Managed Challenge. In my experience, every bot that received the challenge did not reach my origins with MG. It’s is effective and like I’ve said, most bots will have a hard time with it and will probably need special configurations to bypass it. But most of the bots don’t have this “special mechanism” because a lot of them are from script kiddies or the hacker simply don’t bother to update the bot.
Most users hates solving interactive challenges, and will simply close the website when receiving one. Even me started to do the same. Many thanks to Cloudflare for creating Turnstile.
Yes. I use the managed challenge everywhere. But on this rule because it is hosting providers ASNs, i wanted to use the hardest challenge instead of blocking
I see. I don’t know if they allow Free plans to active it now. Or it’s was just with the old Hcaptcha.
But basically, you’ll get this every time when you get the interactive challenge, meaning that you need to click on the verify I’m human button. And the managed will choose if it will run a series of challenges, a interactive or if it will block the request.
