JavaScript Challenge Rule

In addition to my crazy long Cloudflare firewall “block” rule, I use a JavaScript challenge rule for pages that I want to restrict to human users, keeping out bots.

According to Cloudflare: “During a JavaScript challenge you will be shown an interstitial page for about five seconds while Cloudflare performs a series of mathematical challenges to make sure it is a legitimate human visitor.”

I have no use for bots on pages where they might cause mischief, such as my contact form page or my hidden login page. I don’t use /login but I don’t want bots hammering it. I also don’t want bots on my search page – unless it is a Cloudflare-listed ‘good bot’ or a google partner looking to serve an ad for me. On the other hand, I don’t want to inconvenience my users with a five-second interstitial page before they are allowed to search.

So, my JavaScript challenge rule:

(http.request.uri.path contains "/contact-kenny") or
(http.request.uri.path contains "/my-obfuscated-login-page") or
(http.request.uri.path contains "/login") or
(http.request.full_uri contains "/?s=" and not
http.referer contains ""and not
http.user_agent contains "Mediapartners-Google" and not

Then JS Challenge

WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.