Page rule that will override an access rule

Website, Application, Performance Security
1

I want to have a page rule that will override an access rule.
For instance, if I have an access rule that requires a captcha challenge, I want all pages to get the captcha except a certain page rule.

So if my page rule will be
*mydomain.com/not-secured/*

and you enter a page that matches that rule, you will not get a captcha challenge, even if you have an access rule that says you should.

I tried to make that page rule with:

  • Disable Security
  • Browser Intgrity Check: Off
  • Security Level: Essentially Off

but i’m still getting a captcha.

What can I do?
Thanks.

2

:wave: @valditobregant

Page rules don’t have that functionality. You will want to write a better firewall rule which excludes your desired path(s) as part of the condition.

— OG

3

Thank you for your reply.

This is currently how I create the firewall rule:

Can you show me how to exclude the path with the given cURL example in the link?

curl -X POST “https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
-H “X-Auth-Email: [email protected]
-H “X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41”
-H “Content-Type: application/json”
–data ‘{“mode”:“challenge”,“configuration”:{“target”:“ip”,“value”:“198.51.100.4”},“notes”:“This rule is on because of an event that occured on date X”}’

4

You’ll want to use firewall rules instead of access rules.

5

This topic was automatically closed after 30 days. New replies are no longer allowed.