Under attack mode stops external communication with my web service

tom1443 · September 5, 2020, 6:03pm

Hi,

I have an issue with enabling the “Under attack mode” which breaks one of my PHP web services that requires external communication with another service outside of my web server. The external service should basically hit one of my endpoints to verify something, however this doesn’t work when UAM is enabled.

I guess since web service traffic can’t exactly do bot checks etc it doesn’t work. Is there a way to fix this? I have tried adding the DNS hostname of the website that has the external service on to the CF firewall, but that didn’t fix it.

Thanks

sandro · September 6, 2020, 9:04am

You will have to disable “Under Attack”, set up a firewall rule for /* with a JavaScript challenge, and whitelist the IP address you want to access it without challenge (or exclude that address in your firewall rule).

tom1443 · September 5, 2020, 8:51pm

I’ve already tried allowing the hostname in firewall rules. I can try the IP but I will have to ask the owner of the external service for the real origin IP address (unsure if I will be given it though).

sandro · September 5, 2020, 8:57pm

Hostnames won’t work, only IP addresses. But if you have a hostname you automatically have an IP address.

tom1443 · September 5, 2020, 8:59pm

They also use Cloudflare, so I can’t just get their origin IP from the command line I don’t think.

sandro · September 5, 2020, 9:04pm

Their requests will still come from their own server. You should find that in the Cloudflare event log if they are blocked.