You need to have the action as bypass rather than allow.
Allow
The scope of the Allow action is limited to firewall rules; matching requests are not exempt from action by other Cloudflare security products such as Bot Fight Mode, IP Access Rules, and WAF Managed Rules.
Matched requests will be mitigated if they are part of a DDoS attack.
Bypass
Matching requests exempt from evaluation by a user-defined list containing one or more of the following Cloudflare security features:
Requests which match the Bypass action are still subject to evaluation (and thus a challenge or block) within Firewall Rules, based on the order of execution.