Waiting room bypass

Hello,
We are currently facing an issue with the waiting room. We are on the Business plan and have one waiting room defined on our domain, which users use to log in to our platform. The path is defined as root (/).
This same web page is regularly tested with surface scans that generate hundreds of requests and easily reach our limits defined in the waiting room settings, which we consider to be a false-positive activation of the waiting room.
So our question is whether there is some way we could prevent this. I’ve already considered and rejected the use of a sub-path (for example “/login/”) that would be defined as the path in the waiting room settings, but the vulnerability scan would enter this path on its own and, well, we know what it would lead to…
A resolution of this issue could be some sort of whitelist (IPs, user agents, …), but I’ve not yet come across any such thing regarding the waiting room.
Thank you all in advance.

I’ve submitted the question to Reddit and got a response: https://www.reddit.com/r/CloudFlare/comments/y69ywp/waiting_room_bypass