We have been facing some issues with Turnstile, especially when a user visits the site with an MDM-registered device. Turnstile takes a longer time to verify and eventually fails. This is particularly true on Safari, and on some occasions with other browsers, when the device has lockdown mode (an iOS security feature) enabled.
Has anyone encountered such issues? We also noticed that Turnstile tends to fail on Cloudflare's site when the user uses a lockdown-mode-enabled device.
Lately, we have noticed more Turnstile failures on MDM-registered devices. I would like to know your comments on this.
About IP, sometimes yes. Users are sometimes under an organisation sharing the same router (public IP). With an MDM-registered device, our site's Turnstile fails only on the Safari browser but not with other browsers like Chrome, Firefox, etc. We are not sure if we have done any configuration wrong.
I'm new to Cloudflare. Looking at the documentation, Bot Fight Mode needs the site to be hosted in Cloudflare. But our site is hosted by a different hosting service.
Try adding a WAF custom rule to bypass security if they are coming from your own network: https://developers.cloudflare.com/waf/custom-rules/ Regarding why Safari with lockdown mode is more likely to be blocked, you won't get a meaningful answer here, because folks would rather keep it a black box so that it is harder for malicious actors to bypass. My assumption is that lockdown mode is disabling some browser features so the JS challenge couldn't pass, for example (maybe) web workers.
We noticed that, on an MDM-configured device (without lockdown mode), Cloudflare's site passes the Turnstile check in the Safari browser, but our site fails. This has led us to question if we may have incorrectly set up the Turnstile on our end, given that the same MDM-configured device successfully passes the Turnstile check on Cloudflare's site but not ours.
When the client fails, they should get a link saying "Having trouble?" or something similar? I think one can click on the Cloudflare logo 5 times when the widget fails and it sends you the QR code to contact Cloudflare support.