WAF with api endpoint in a subdomain

I have a domain example.com with a website, and a subdomain search.example.com with a search server installed,

Users navigate on the website ( Vue ) and from the website there are many calls ( client made ) of the search server on the search.example.com subdomain.

On this website I have Managed Challenge Enabled, with a business subscription, because the website is always scraped by bots and there are many rules in place to enable cloudflare captcha / or js challenge.

The problem I have is that if a client is connecting with a “bad ip” source and it solves the captcha on the primary domain this event does not propagate on the search server so the website loads but not the subdomain with the search api.

Both the primary website and the search server are proxied with cloudflare and have the same root domain, on the same business account.

What is the best practice to solve this problem? or there is any setting that I didn’t find that enable sharing of the captcha cookie between the 2 websites ?

Thank You

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.