I have a rule set to block any attempts to get to anything including “/wp” on my domain, since I don’t even have Wordpress installed, I don’t need the hundreds of thousands of bots that are going around to every website looking for things they can exploit. Oddly though, sometimes, at least as far as I tell, managed challenges seem to let those bots just skip the block rule.
For example (I removed the IP’s because I don’t know if posting them publicly is allowed here, better safe than sorry), the first one gets blocked by my custom rule. Then they swap IP and get a managed challenge, which I presume based off the absence of any additional entries for a block but 11 more entries for managed challenges, just lets them straight to the nonexistent page they were going to
It isn’t causing my website any harm, since as mentioned earlier they aren’t actually getting to anything, but it’s confusing to me that the managed challenges just ignore the other rules sometimes (apparently, I’m not sure so I’m not trying to state this as a definitive). If it’s fixable on my end, is there anything I can do to let them work in tandem, or am I outta luck?