We’re using Azure DevOps to load test a new part of our site. Unfortunately, we were seeing Cloudflare block the requests due to “Browser integrity check”. We therefore added a Firewall rule to allow requests if “AS Number” is “8075”. This appeared to work for images, but most of the HTML files still fail the Browser integrity check. Why?!
In the activity log, under “Additional matches”, I see the Allow rule which I created. It seems like it’s matching the rule, but is being overridden? Help!
I ran another test. The only difference I can see from Cloudflare’s JSON summary is that Azure used a different User Agent. Why would that trump our Firewall rule?
I don’t know. The order in which multiple CF protections are run is not very clear to me. My guess is that, being a zone-wide setting, BIC would take precedence and be applied before individual rules.
As for your page rule, the Browser Integrity Check must be switched to OFF (I’d assume you did it, just mentioning because your screen shot shows otherwise)
And of course you can always turn BIC off altogether (for the duration of your test) on the Firewall > Settings tab.
Yeah, I did fix the On/Off switch on the page rule.
I’d rather not have to turn off BIC altogether during testing, although I have confirmed that when I do that, I don’t get any failures in my load test.
Apparently, these firewall rules allow for whitelisting of requests through other created firewall rules and not any of the managed rulesets, the BIC or Rate Limiting.
Therefore, in order to get this to work, you have to go to “Firewall” -> “Tools” and whitelist the ASN.