I turned on the blocking option in Super Bot Fight Mode, it turns out that my domain has a subdomain for the API, and some users are blocked by Super Bot Fight Mode to access it. What can I do to get around this issue?
Unfortunately, nothing for now. There are no bypasses for Super Bot Fight Mode. You’d have to turn it off, which is what most people end up doing.
It seems to be a great resource, as my site started to be accessed by hundreds of bots from different countries and from different hosts.
Something very annoying and that ends up affecting his performance, as the default WAF doesn’t seem to detect these accesses.
But because of our API, legitimate users are blocked.
WAF is for malicious requests, usually tied to specific vulnerabilities.
Firewall Rules are better for getting rid of unwanted traffic. You can allow Known Bots, but then block/challenge unwanted ASNs, threat scores, etc.
Today I detected malicious calls that Cloudflare WAF could not detect.
"GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00e" "GET /nacos/v1/cs/ops/derby?sql=select+st.tablename+from+sys.systables+st"
Or this other example, with a HEADER famous on the internet for being malicious that the WAF also missed.
"GET /wp-includes/small.php HTTP/1.1" 404 4584 "anonymousfox.co"
My WAF is setting to medium protection level.
There is no silver bullet; there will always be a way to go through a WAF. The WAF should be seen as a measurement to detect(and, most of the time, stop) intrusion attempts and then take proper measures against such attacks.
Anyways, if you are part of the enterprise program I’m sure that an engineer can have those “bypasses” fixed ASAP. Setting a higher sensitivity level could also do the trick surely.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.