Testing out login only mode now due to the traffic levels.
I am thinking CF cache is going to be a problem here i.e it will still serve whatever is cached?
AI-bots are hitting among many other direct paths for e.g.:
...stylesheets/docker_manager_abc123.css
The text is served up, as well as .js files to etc. etc. in fact I think the things are getting past the “managed challenge” and I have read some misgivings along the same lines on reddit.
Is there a useful list of all the directories etc to block or manage with some rule without breaking everything?
So I take it that login only mode does not represent a complete denial of access to anonymous traffic when using CF but does when not using cache, can anyone confirm this?