Hello everybody, I’ve just enabled Cloudflare a day ago, my site is under DDoS attack, I enabled the “Under attack mode” and Cloudflare was successful in blocking most offending traffic.
But I have two issues:
1- Some users are complaining from endless JS challenge page, where they never get redirected to my server.
2- How do I disable JS Challenge for my API? I added a rule in Security > Firewall rules including the IPs I want to bypass.
When that did not seem to work for everyone, I added a page rule with a wildcard.
But still some clients are complaining about receiving Cloudflare challenge page for their API requests.