CD
Cloudflare Developers5mo ago
bilbob

WAF Rule not working

I have a website that also has an API that is used by a mobile app and a Windows app with post/get requests. the website part is protected using Cloudflare proxies and standard js/interaction messages. Because the API is receiving get/post requests from Windows/android, there is no js or human interaction accepted so I added a WAF rule with this configuration. When an API request is received, the response is Just a moment... Enable JavaScript and cookies to continue How can I fix this?
No description

message.txt

13 Replies
Chaika
Chaika5mo ago
Check under Security -> Events and find a request being challenged, it'll tell you why it is. It could be Bot Fight mode if you have that one, which can't be skipped via Custom Rules
bilbob
bilbob5mo ago
this is what i see in events
No description
Chaika
Chaika5mo ago
Sounds like you have an IP Access Rule under Security -> WAF -> Tools set to challenge
bilbob
bilbob5mo ago
thanks it worked do i have to do it for every user/ip?
Chaika
Chaika5mo ago
Cloudflare recommends you use WAF Custom Rules rather then IP Access rules these days. If you are geoblocking/blocking an entire ASN/county, you can do that easily in a custom rule. If you're doing it by IP, you can create an IP List (https://developers.cloudflare.com/waf/tools/lists/custom-lists/#ip-lists) and use that in a rule.
bilbob
bilbob5mo ago
i also found this set
bilbob
bilbob5mo ago
No description
bilbob
bilbob5mo ago
is this wise to do? or should i delete it
Chaika
Chaika5mo ago
Blocking some specific version of iOS Chrome?
bilbob
bilbob5mo ago
i made it years ago thinking i was a geneious
Chaika
Chaika5mo ago
not sure why you would do that, maybe to stop some weird attack or something? Your Custom Rule would skip that, but yea should be fine to delete if you don't know what it is lol
bilbob
bilbob5mo ago
thank you you have been very helpful
Chaika
Chaika5mo ago
of course. Yea Custom Rules are really nice, but as you've found out they cannot skip everything, just most features
Want results from more Discord servers?
Add your server
More Posts
Uploading assets for "direct deployment" CF PagesWe're building our CF page in our own service rather than using the CF build service. Our goal is tojose works! Thanks @Hello, I’m Alastair!jose works! Thanks @hellothereimalastair Another question: I'm trying to use the Firebase Web CliI'm getting a 403 error on any `fetch` callThis is the raw error that I'm getting: ```<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 TransitionalCouldn't solve Blocked by no cors policy.I tried everyting that I could to solve cors policy but doesn't seem working. Here is my worker : Can't console.log from local pages setupHey everyone - this is probably a pretty simple problem. I cannot see ANY output from my local pagesabout ddos protection in k8s using cloudflarehey my vps provider don't have ddos protection and I will be having my k8s cluster in there. master captcha says wrong Domain 😭Hello everyone, please be kind. I'm stupid, I know. So I have a domain from one site and my host is Do I have a DNS problem?I am a free user. I want to load my domain, hmtown.com, with simple HTML. I have tried to use githubDNS disabled for my domain, but after 72 hours, they still point to Cloudflare's nameservers.As per the title, I have removed my domain from Cloudflare's DNS settings, but they continue to be oWhy `Do you want the application “workerd” to accept incoming network connections?`?Why running worker project asks for `Do you want the application “workerd” to accept incoming networ