CF-CONNECTING-IP Header being excluded from "bot fight mode" triggers

I have a website that receives very large amounts of traffic, and recently I've had a very small number of users report issues with authentication. After debugging, I realized that Cloudflare's IP header was not being passed for those people.

Looking at their requests in Security Events, they seem to lack a user agent and are listed under the "Managed challenge" action for the "Bot fight mode" service.

To test my theory, I turned off bot fight mode and those users were able to use the app fine.

My question is, how can I keep bot fight mode enabled while still allowing people who manage the challenge to keep their cf-connecting-ip header?