Hello, we have a WebSocket connection between a Java app and a backend server. We are facing a problem regarding protecting it with Cloudflare, specifically using GeoIP blocking. Our goal is to require a captcha for players from graylisted countries. But app is not browser.
We attempted a solution by redirecting the player to a browser URL where they could solve the captcha. However, when the player returns to the app, they still encounter a 403 error. I believe this is because Cloudflare recognizes that the “ray” (the request) has passed the captcha, but it doesn’t associate the solved captcha with the player’s IP.
Do you have any ideas on how we can effectively utilize Cloudflare’s protection in this case?