Managed challenges seem to sometimes allow users to bypass my custom rule

I have a rule set to block any attempts to get to anything including “/wp” on my domain, since I don’t even have WordPress installed, I don’t need the hundreds of thousands of bots that are going around to every website looking for things they can exploit. Oddly though, sometimes, at least as far as I can tell, managed challenges seem to let those bots just skip the block rule.

For example (I removed the IPs because I don’t know if posting them publicly is allowed here, better safe than sorry), the first one gets blocked by my custom rule. Then they swap IP and get a managed challenge, which I presume, based off the absence of any additional entries for a block but 11 more entries for managed challenges, just lets them straight to the nonexistent page they were going to.

It isn’t causing my website any harm, since as mentioned earlier they aren’t actually getting to anything, but it’s confusing to me that the managed challenges just ignore the other rules sometimes (apparently, I’m not sure so I’m not trying to state this as definitive). If it’s fixable on my end, is there anything I can do to let them work in tandem, or am I outta luck?

It happens that Bot Fight Mode will sometimes kick in, and it does so before your Custom Rule is triggered. Had that bot been able to bypass the challenge somehow, it would still face the Custom Rule. Nothing to worry about here, it seems.

When a human bypasses the Managed Challenge, if you download the JSON for the event you’ll see as action not managed_challenge, but managed_challenge_non_interactive_solved, followed by managed_challenged_bypassed for subsequent requests from same user-agent/IP. But again, as far as what was presented on the screenshots, that’s the expected behavior.

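One way to triage the downloaded event JSON along the lines described in the reply above, as an added example (not the poster's code and not a Cloudflare tool): it groups events by IP and user agent and only counts a client as having got past a managed challenge when a `*_solved` or `managed_challenge_bypassed` action appears. The field names `clientIP`, `userAgent`, `action` and `clientRequestPath` are assumed, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample of security-event records (values are made up; the field
# names are an assumption about the downloaded event JSON). 192.0.2.0/24 and
# 198.51.100.0/24 are documentation address ranges, not real clients.
SAMPLE_EVENTS_JSON = json.dumps([
    {"clientIP": "192.0.2.10", "userAgent": "scanner/1.0", "action": "block",
     "clientRequestPath": "/wp-login.php"},
    {"clientIP": "192.0.2.11", "userAgent": "scanner/1.0", "action": "managed_challenge",
     "clientRequestPath": "/wp-admin/"},
    {"clientIP": "192.0.2.11", "userAgent": "scanner/1.0", "action": "managed_challenge",
     "clientRequestPath": "/wp-includes/"},
    {"clientIP": "198.51.100.5", "userAgent": "Mozilla/5.0 (real browser)",
     "action": "managed_challenge", "clientRequestPath": "/"},
    {"clientIP": "198.51.100.5", "userAgent": "Mozilla/5.0 (real browser)",
     "action": "managed_challenge_non_interactive_solved", "clientRequestPath": "/"},
    {"clientIP": "198.51.100.5", "userAgent": "Mozilla/5.0 (real browser)",
     "action": "managed_challenge_bypassed", "clientRequestPath": "/about"},
])

SOLVED_ACTIONS = {"managed_challenge_non_interactive_solved",
                  "managed_challenge_interactive_solved"}
BYPASSED_ACTION = "managed_challenge_bypassed"


def summarize_challenges(raw_json):
    """Count challenge outcomes per (clientIP, userAgent).

    A client that only ever shows 'managed_challenge' never passed the
    challenge; only a *_solved or *_bypassed action means it got through.
    """
    summary = defaultdict(lambda: {"challenged": 0, "solved": 0, "bypassed": 0, "blocked": 0})
    for ev in json.loads(raw_json):
        key = (ev["clientIP"], ev["userAgent"])
        action = ev["action"]
        if action == "managed_challenge":
            summary[key]["challenged"] += 1
        elif action in SOLVED_ACTIONS:
            summary[key]["solved"] += 1
        elif action == BYPASSED_ACTION:
            summary[key]["bypassed"] += 1
        elif action == "block":
            summary[key]["blocked"] += 1
    return dict(summary)


def clients_that_got_through(raw_json, path_prefix="/wp"):
    """Clients whose solved/bypassed requests targeted path_prefix, i.e. the
    only case in which a challenged request actually reached that path."""
    hits = set()
    for ev in json.loads(raw_json):
        if ev["action"] in SOLVED_ACTIONS | {BYPASSED_ACTION} and \
                ev["clientRequestPath"].startswith(path_prefix):
            hits.add((ev["clientIP"], ev["userAgent"]))
    return sorted(hits)
```

For the constructed sample, the scanner shows two challenges and nothing else, so it never reached the `/wp` paths, while the browser client is the only one with solved and bypassed entries.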

Ah yeah, the 4 I downloaded all show as “managed_challenge”, no solved or bypassed, so I guess they didn’t even make it through that. Thanks for the clarification, makes sense when I think about it.

