Bot Traffic Blocking
Hi all,
We make use of the Cloudflare proxy service to tunnel traffic to us. With this come the WAF rules that try to block naughty traffic.
We seem to be getting a few false positives that are causing a major pain. We don't know why they are being blocked and support just isn't answering the tickets to identify the reason.
Our traffic generally comes from an app on mobiles so whatever we put out is available to the public. So just injecting secrets into the headers is likely out of the question.
I'm sure I am not the only one that gets their legitimate traffic blocked. What are some of the ways to make sure your traffic is not blocked?
8 Replies
You can view the rule that caused a block or challenge page to be presented at https://dash.cloudflare.com/?to=/:account/:zone/security/events
@Sloth I am not sure what uam is and no to turnstile.
@Leo I see the requests being blocked in the security/events section of the interface. They say blocked there and the reason is generally
"description": "manage definite bots",
I don't understand what you're asking for?
Here is a bit more of the JSON
does that answer the question?
Sounds like (Super) Bot Fight Mode.
It is the bot fighter
no, business and pro for different domains
That's not really what I'm looking for. I can see that it is blocking unwanted traffic most of the time. However, it is also blocking my traffic some of the time.
I want to know what I can do to make my traffic less likely to be blocked.
No one here has any knowledge of how your app works. Check the logs and figure out what distinguishes the blocked traffic from other legitimate traffic.
I'm not asking to get a deep dive into the workings of my app. It's just that the logs are really vague on the reason for blocking the traffic.
Something like this would be massively helpful
* Missing userAgent
* Malformed body
* Suspicious url path
Just saying "manage definite bots" on a rule that I don't have access to is not helpful.
If I knew the reason why it would be blocked then we can go and correct any issues with the traffic we generate
Or if there was a page that showed some best practices to reduce the false positive rate, that would be good also
So I really have 3 options; make a rule to skip it earlier in the chain, turn off the bot blocking and finally buy an enterprise package?
It's really frustrating that so many of the requests here end in buy the top tier enterprise package 😦
Is there even a specific need why you want to have SBFM enabled? Is your site currently getting DDoSed?
It does block a lot of crap traffic that internet scanners generate. The less crap traffic my app servers need to deal with the better. So it does serve a useful purpose.
However it's like magic, when it goes wrong and there is no way to know what is wrong, it becomes really frustrating to use.
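The following is an added example, not part of any post in this thread. It is one way to do the comparison suggested above: find which request attributes are over-represented in events blocked as "manage definite bots" compared with legitimate traffic from origin logs. The field names (`userAgent`, `path`, `asn`), the helper names and all sample records are constructed assumptions, not Cloudflare's export schema.

```python
from collections import Counter

FIELDS = ("userAgent", "path", "asn")  # assumed field names, adjust to your export

def rec(ua, path, asn, description=None):
    """Build one constructed sample record; ua=None models a missing header."""
    r = {"path": path, "asn": asn}
    if ua is not None:
        r["userAgent"] = ua
    if description:
        r["description"] = description
    return r

BOT = "manage definite bots"  # rule description quoted in the thread
BLOCKED = [  # constructed: what a security events export might contain
    rec("okhttp/3.12.0", "/api/v1/sync", "AS64500", BOT),
    rec("okhttp/3.12.0", "/api/v1/sync", "AS64501", BOT),
    rec("okhttp/3.12.0", "/api/v1/login", "AS64500", BOT),
    rec(None, "/api/v1/sync", "AS64502", BOT),
]
ALLOWED = [  # constructed: known-good requests taken from origin access logs
    rec("ExampleApp/2.4 (Android)", "/api/v1/sync", "AS64500"),
    rec("ExampleApp/2.4 (Android)", "/api/v1/login", "AS64501"),
    rec("ExampleApp/2.4 (iOS)", "/api/v1/sync", "AS64500"),
    rec("ExampleApp/2.4 (iOS)", "/api/v1/sync", "AS64502"),
    rec("okhttp/3.12.0", "/api/v1/sync", "AS64501"),
    rec("ExampleApp/2.4 (Android)", "/api/v1/login", "AS64500"),
]

def distinguishing_values(blocked, allowed, fields=FIELDS, min_share=0.5, min_lift=2.0):
    """Return (field, value, blocked_share, allowed_share) for values that are
    common in blocked traffic and at least min_lift times rarer in allowed traffic."""
    blocked = [r for r in blocked if r.get("description") == BOT]
    if not blocked or not allowed:
        raise ValueError("need at least one blocked and one allowed record")
    findings = []
    for field in fields:
        b = Counter(r.get(field, "<missing>") for r in blocked)
        a = Counter(r.get(field, "<missing>") for r in allowed)
        for value, n in b.items():
            b_share = n / len(blocked)
            a_share = a.get(value, 0) / len(allowed)
            # Floor the denominator so a value never seen in allowed traffic has finite lift.
            lift = b_share / max(a_share, 1 / (len(allowed) + 1))
            if b_share >= min_share and lift >= min_lift:
                findings.append((field, value, round(b_share, 2), round(a_share, 2)))
    return sorted(findings, key=lambda f: f[2] - f[3], reverse=True)

if __name__ == "__main__":
    for finding in distinguishing_values(BLOCKED, ALLOWED):
        print(finding)
```

In the constructed data the shared path and ASNs are not flagged because they appear just as often in allowed traffic; only the bare HTTP-library user agent stands out.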