WAF custom rule / JS Challenge not working

What is the name of the domain?

redacted

What is the error number?

n/a

What is the error message?

n/a

What is the issue you’re encountering

Custom rule created, no challenge ever appears.

What steps have you taken to resolve the issue?

Settings as “Country / is not in / United Kingdom”, Action = JS Challenge.
Confirmed not working by hosting chat support located in Canada.

“Security > Events” seem to have stopped displaying events outside of UK, but “Activity” for rule still showing 0.
Am confident that there has been traffic from outside UK as we’ve been getting high visit numbers from bots in Germany, US, etc. though can no longer see these.

Also confirmed not working by changing VPN location (though I am less confident on how this works).

Requested support from hosting provider, they reviewed “Security > WAF > Custom rules” Cloudflare screenshots and confirmed it all looks correct.

Read the documentation about “Custom Content Security Policy not supported”, double checked headers and confirmed that no CSP headers are present for the site.
Second/test site setup in same way, Cloudflare JS Challenge works when changing location via VPN.

Final step > Pay for Pro > post this question.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Not sure

Screenshot of the error

Headers indicate you are using Kinsta…
https://cf.sjr.dev/tools/check?145ca0e08e1f4899affbbbe86e24c18c#connection-server-https
…who use Cloudflare so likely requests are passing through their Cloudflare account and not yours, so your settings don’t have any effect.

Make sure to configure your Cloudflare DNS correctly to take advantage of O2O so your settings are applied first, see here…

1 Like

@sjr Thankyou for this, but unfortuantely (if all other info entered is correct) Cloudflare will not allow me to add the required CNAME as an A Record with that host already exists. (I tried to upload a new screenshot but it seemed to cause an error).

Referring to the troubleshooting page:
“Review your existing DNS records to find the matching value in the Name field. Then, decide whether you want to keep the current record or delete it and make a new one.”

Should I delete my A Record and create the new CNAME only?

Yes - make a note of the A record before you delete it in case of any problems.

1 Like

Looking good, thank you sjr, coffee incoming.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.