Whitelisting a target (not source) domain in the WAF


#1

Hi.

We have a domain for site admins in which they edit html and other things, and the cloudflare waf keeps annoying them (rightly so) with the WAF Captcha.

This domain they log in to is well protected so I am okay with the WAF being whitelisted on any action done on that domain.

How can I whitelist the target domain itself, or a certain URL in that target domain itself? All I see are options to whitelist the origin IP of the visitors.


#2

You can try using a Page Rule to ease up on the security for that particular URL. If you’re on a Paid Plan, you can turn Web Application Firewall off. Or you can choose a lower Security Level (free or paid plans). Or Disable Security altogether. All these are options under Page Rule settings.