#Cloudflare is blocking requests to my API

Previously on Cloudflare, I’ve had issues where my clients reported being blocked when making requests to my API because their IP addresses are obviously from data centers.

It’s completely normal for Cloudflare to block requests from data centers in an effort to block bots visiting my website, but of course the subdomain api.domain.com is obviously an API and is obviously also accessed by data centers.

Currently, our solution is to disable Cloudflare’s WAF for the API subdomain, a paid feature and the only reason we currently have to pay $20/month.

What other solutions are there? Because I understand that people host client-facing APIs protected by Cloudflare and must be facing this issue.

Please, if anyone sends me a message, tag me using @twin harbor so Discord will notify me of the message; otherwise, I won't see it unless I check manually.

You just.. don’t use bot fight mode?

@twin harbor are you using bot fight mode?

I think it's currently enabled. Is there a way in the free plan to disable it for a specific subdomain only?

You might be able to create it’s own zone?

What exactly do you mean?

You could try registering it as its own separate domain (how you originally set up this domain) and then configure the DNS records of the main to point out at the other one. The configure bot fight mode for the main one only

(Just an idea)

Can I set up my subdomain as a separate domain from the one it belongs to? Is this possible in Cloudflare? How does that affect DNS, certificates, and so on?

Is that the only solution besides the one I'm currently using?

That’s the only thing I can think of? And I’ve never tried it but you could. You could even experiment with a spare domain. I’m just some random guy on the internet though so let me know how it goes if you do

Theres always the option of paying cloudflare

I'm currently testing it out; the only thing that doesn't quite convince me is that when I disable Cloudflare's protections for the subdomain at the payment layer, am I also disabling Cloudflare's CDN service for my API? Since that's something I'd like to keep active to make it as fast as possible—though, well, it is an API, and I'm not sure if it really helps since it doesn't have static files as such

No you shouldn’t be disabling the CDN but also you have a good instinct … what’s there to cache unless you have the same images that you send to lots of different people? If it’s a short JSON response for example it’s really doing nothing for you