Super Bot Fight Mode Critical issue with paiement webstore

CacaoTor · May 4, 2022, 11:29am

Hi everyone,

Since Super Bot Fight Mode enabled (block mode), we got return result of paiement page on a webstore blocked and the orders cannot be finalized.
That is very problematic…

So, as usual, we created an exception under WAF => Managed rules with the URI path : /modules/atos/validation.php

BUT

Has no effet. The URL still blocked by Super Bot Fight.
After some research, we made a Firewall bypass.
We can see then the firewall rule is matched, but this page is still blocked…
We verified many times that the rules are correct.

Any idea ?

This security mode is very usefull and efficient (we can see many daily attack stoped).
It would be a shame not to use it for a single url

Thanks.

KianNH · May 4, 2022, 11:55am

You can’t use the WAF to bypass Super Bot Fight Mode since it runs before the WAF.

The only way you can bypass SBFM is with IP Access Rules by whitelisting the originating IP address.

CacaoTor · May 4, 2022, 12:12pm

Thank for fast reply.

OK I understand.
Well, a simple firewall rule with IP source allowed should make the job ?

Capture-CF

KianNH · May 4, 2022, 12:17pm

Nope, it has to be done in IP Access Rules - Firewall Rules run after SBFM.

It’ll be under ‘Tools’ in the Security tab of the dashboard - https://support.cloudflare.com/hc/en-us/articles/217074967-Configuring-IP-Access-Rules

jnperamo · May 4, 2022, 12:38pm

CacaoTor · May 4, 2022, 1:16pm

God thanks !
It works (almost) perfectly !
Just to fix redirection page after paiement issue (actually customers are disconneted from their account).

Thanks a lot (great Cloudflare Community)

system · May 7, 2022, 1:16pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.