The DDoS attack is now targeting our Tor site. The hidden service is currently offline as we work to mitigate the attack and see if we can keep it up. Please use the clearnet site in the meantime.
Th...
I think you guys need to need to do this:
Create Page Rules in your Cloudflare dashboard:
Go to Rules > Page Rules
Add a rule for your API endpoints:
URL pattern: yourdomain.com/api/*
Set "Security Level" to "Essentially Off"
Toggle "Browser Integrity Check" to Off
Add another rule for protected pages:
URL pattern: yourdomain.com/page/*
Set "Security Level" to "High" or "I'm Under Attack"
Enable "Browser Integrity Check"
Configure Firewall Rules (optional for more control):
Go to Security > WAF
Create a rule that bypasses security for API endpoints
Rule name: "Allow API Access"
Expression: (http.request.uri.path contains "/api/")
Action: "Bypass"
Set default protection level:
Go to Overview > Security
Set your default Security Level to Medium or High
Adjust Bot Fight Mode settings in Security > Bots if needed
This configuration will allow direct access to your API endpoints while forcing browser verification
Create Page Rules in your Cloudflare dashboard:
Go to Rules > Page Rules
Add a rule for your API endpoints:
URL pattern: yourdomain.com/api/*
Set "Security Level" to "Essentially Off"
Toggle "Browser Integrity Check" to Off
Add another rule for protected pages:
URL pattern: yourdomain.com/page/*
Set "Security Level" to "High" or "I'm Under Attack"
Enable "Browser Integrity Check"
Configure Firewall Rules (optional for more control):
Go to Security > WAF
Create a rule that bypasses security for API endpoints
Rule name: "Allow API Access"
Expression: (http.request.uri.path contains "/api/")
Action: "Bypass"
Set default protection level:
Go to Overview > Security
Set your default Security Level to Medium or High
Adjust Bot Fight Mode settings in Security > Bots if needed
This configuration will allow direct access to your API endpoints while forcing browser verification