I’ve added a firewall rule that should trigger a JS Challenge for certain requests, but it doesn’t seem to work.

At first the JS Challenge was triggered in one browser and then again in a different browser, but I’m not able to trigger it again, although I tried to clear my browsing data and tried using different browsers. The JS Challenge also did not work from my mobile device.

The rule expression itself seems to work, since if I change the action from JS Challenge to Block, all of the requests are blocked.

Let me know if this is expected behaviour, as for me it seems odd. I couldn’t find any docs regarding this topic online.

Do you have another firewall rule that’s set to maybe “bypass” another IP or ASN (that comes from Finland or Poland)? You should check your firewall rules for any kind of bypassed IPs or ASNs!

I’ve just discovered that disabling the page rule that was responsible for redirecting all traffic to a different website helped. Somehow those two were interfering, but I still don’t think this should be the case - the JS Challenge should pop up before the redirect.

The traffic sequence should appear on your Dashboard, like this, and you can see Page Rules come before most security/firewall tools:


It does not actually explain one thing, which is that the Block action in the firewall rule was actually working even though I had the page rule active 🙂

I tried to replicate your behaviour and I was able to get a JS challenge or Block (based on the fw rule action) even though I have a page rule to redirect the request.

My guess: once the request triggers the forwarding URL page rule, Cloudflare does not immediately perform the redirect. Instead, it keeps the state, proceeds to pass the request to Cloudflare’s firewall, then only redirects the user once the request passes the firewall check.

It’s still weird to see the JS challenge not working from your side though.

