Is it possible to both Bypass and Allow the same request in Firewall Rules?

Looking for clarification on the documentation on Firewall Rules and action precedence.

We would like to write a Firewall Rule that both “Allows” requests through the firewall and “Bypasses” the “Rate Limiting” feature. (It’s easier to configure once here than per Rate Limiting rule.)

It seems like it could be possible by creating two rules and ordering the Bypass rule to fire before the Allow rule.

However, the documentation in the Firewall Rules > Actions article seems somewhat ambiguous, as it says both:

  1. “If the same request matches two different rules which have the same priority, precedence determines the action to take. […] The only exception to this behavior involves the Log action. Unlike the other actions, Log does not terminate further evaluation within Firewall Rules.”


  1. "Requests which match the Bypass action are still subject to evaluation (and thus a challenge or block) within Firewall Rules, based on the order of execution. "

Does the latter point mean that requests that match the Bypass rule could also be Allowed, “based on the order of execution”, or are “challenge or block” the only remaining possibilities? Either way, the second point makes it seem like Bypass makes Log actually not unique in not terminating further evaluation, which seems to conflict with the first point. We will test using one of our non-production sites, but I thought it would be helpful to post/ask here nonetheless.

Thanks in advance!

Related articles:

Yes, This Is Posible I am Using Multiple Rules At Time Like Challenge Allow And Block Some

Clarified the title to read, “[…] to both Bypass and Allow the same request […]”. The intention here is to both disable Rate Limiting and Allow through other firewall rules for given traffic.

Yes The Bypass And Allow Is the same Request Not Need This Combination Rule
The Combination Possible Is
Bypass + Block
Bypass + Challenge
Bypass + Js challenge
Like More Stuff
But What You need This Combination
Bypass + Allow, You Need To Try Cross Way Not This Way

If you

Just to follow up, creating ordered Bypass and Allow rules for the same traffic seems to work as desired. I confirmed that the same Ray ID triggered both rules for one of our production sites.

I do think the documentation could be clarified a bit (specifically, the comment that all actions but Log terminate further evaluation seems dated), but maybe this post can help clarify things.

Thanks all.

This topic was automatically closed after 31 days. New replies are no longer allowed.