If I may, this entire rule format is unnecessarily complicated. The most comprehensive rewarding method, which strips away 95 - 97% of the noise, is the JS challenge ranked as one of the remaining block rules (2 through 5), of five, after your rule group #1 Allow group. JS Challenge rule group #2 is just one line,
a URI FULL wildcard for your root site and anything above it ==> Value https://*.yourdomain.com/*
The Action is JS Challenge.
Change "yourdomain.com" above to your registered domain. That's all there is to the JS challenge. This challenges all traffic that doesn't match your allow rule group #1.
Set Rule group #1 to be your allows with the marked option to skip all remaining rules should a connection match Rule group #1. Place all the allowed IPs/CIDRs and user-agents in this rule group. Rule group #3 for us is the country code blocks and rule group #4 are mostly ASN and user-agent blocks to filter out all remaining garbage we specifically don't want that can be filtered out before Cloudflare passes the connection to our site and its .htaccess rules.
viewtopic.php?p=16070281&hilit=js+challenge#p16070281
Statistics: Posted by SQLnovice — Wed Jul 23, 2025 3:08 pm