Some customers can't bypass "I'm under attack" protection

Some of my users are experiencing difficulties accessing some pages on my website because they are not redirected after the “5 seconds” of Cloudflare’s anti-DDoS protection.

https://api.fnt.work/auth/login

I did tests on my cell phone but I couldn’t replicate the error. How can I diagnose this issue and contact Cloudflare if necessary?

I’m using the Free Cloudflare Plan.

Opsec and some browser extensions might cause this. Disabling cookies/js is also likely to cause malfunction of the JS challenge.

Yes, this is what I have suggested to my users, however, this problem is sudden and has only started to appear in the last few weeks and several users are complaining.

It seems to be something from Cloudflare, so I would like to know what I can do to find out the cause as it is more than one client.

It might be due to an update on cloudflare internal checks, the remaining fact is that as friendly as Cloudflare wants to be with privacy, there are some fields that can’t be ignored to keep a balance between security and privacy.
If your users spoof their headers, rotate ips, etc, they are prone to trigger false positives and enter in under-attack challenge loops.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.