WAF rule with Skip action is not working as desired

I got the same issue.

But I do not have the fight mode on.

I have a “Skip” rule and Managed rules.
Skipping is for IPs from a specific country outside of North America. But everything outside of the US should be challenged.

My skipped country IPs are still receiving the challenge based on the set rule “Outside of North America”.

How can I make sure the “Skip” function is enforced?

If you do not have BFM on, it’s not the same issue. That’s why I moved your post to a separate topic.

You need to identify which Cloudflare service is blocking or challenging the request you want to be allowed.

  1. Go to Dashboard > Security > Events. If the request was in fact blocked by Cloudflare, you should find an event related to that challenge action. Check the “Service” that challenged it.
  2. If this was
    a) WAF Managed Rule, you need to create a WAF Exception for that rule. See: Add a WAF exception in the dashboard · Cloudflare Web Application Firewall (WAF) docs
    b) WAF Custom Rule, you need to edit it accordingly, adding an exception to Known Bots.
    c) Something else; post back here.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.