Rate-Limiting Rule with Interactive Challenge Not Triggering

staff4 · March 20, 2025, 4:19pm

What is the name of the domain?

What is the issue you’re encountering

I have set up a rate-limiting rule that should show the interactive challenge after 5 requests within 10 seconds, but it doesn’t work! It only works with the 429 block. Why? I’m going crazy. When I set the interactive challenge, it works the first time, but if I try again, it no longer shows the CAPTCHA.

What steps have you taken to resolve the issue?

I’ve read that the duration of the completed challenge does not affect WAF rules, but I don’t understand the conflict.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

fritex · March 21, 2025, 2:24am

May I ask if you’ve got any Custom WAF Rule which would be in a conflict with your Rate Limitin rule due to the interactive challenge being presented?

Were you testing this with each time new Incognito (Private) Window (no cookies saved)?

system · April 5, 2025, 2:25am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare i am under attack and waf rules not working Website, Application, Performance	8	954	March 28, 2023
Does challenge passage apply to custom FW rule Security	2	735	August 10, 2023
WAF Doesn't Work To Bypass Rate Limiting Rules (And Many Problems With Rate Limit) Security	3	2029	October 25, 2022
Rate limiting rule with challenge does not take effect DNS & Network	2	745	July 4, 2023
Cloudflare Firewall rule chalenges users every single day?! Security	8	2356	November 20, 2019