Issue - Safelist Firewall Rule doesn't work - To Bypass Bot Fight Mode Check

Answer these questions to help the Community help you with Security questions.

Have you searched for an answer?
Yes, I was able to get the workaround working by looking for the Ray ID

and Identify what was blocking the request and I found Bot Fight Mode requesting JS Challenge

The only workaround is to disable completely the Bot Fight Mode

Describe the issue you are having:
Webhook trying to use with my domain, and it’s getting blocked

  • Service
    Bot fight mode

  • Action taken
    JS Challenge

What error message or number are you receiving?

What steps have you taken to resolve the issue?

  1. Tried to add a Firewall rule to ALLOW by IP address or ASN or PATH (didn’t work)
  2. Tried to add a Firewall rule to BYPASS by IP address or ASN or PATH (didn’t work)
  3. The only way to fix the issue is by disabling completely the Bot Fight Mode

Question:
Any idea how to get the Firewall Safelist/Whitelist/Exclusion to allow traffic and bypass the Bot Fight Mode instead of having it disabled completely?

Thanks

But, have you tried adding the IP Address with the action “allow” for your Website into the CF dashboard → WAF → Tools → IP Access Rules? :thinking:

More about it here:

I tried both ALLOW + BYPASS, no luck.

After some research it seems it won’t work in anyway, many threads here on the community complaining about that, including this article # https://support.cloudflare.com/hc/en-us/articles/360035387431-Frequently-asked-questions-about-Cloudflare-bot-products#h_5itGQRBabQ51RwT5cNJX8u

And search on Google article # Rant, Cloudflare Bot Fight Mode doesn’t provide firewall bypass or whitelist?

Also,

For now, I kept it disabled to get things working.

Just to add a note, Firewall Rules isn’t the same as mentioned IP Access Rules which are also mentioned in the above article at my post.

1 Like

I see that option now, thanks @fritex … added by ASN as the IP could change … Enable Bot Fight Mode again and testing now …

1 Like

I think that did the trick! Thanks for the tip @fritex !!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.