Challenge Passage
When a visitor solves a Cloudflare challenge - as part of a WAF custom rule or IP Access rule - you can set the Challenge Passage to prevent them from having to solve future challenges for a specified period of time.
When a visitor successfully solves a challenge, Cloudflare sets a cf_clearance
cookie in their browser. This cookie specifies the duration your website is accessible to that visitor.
When that visitor tries to access other parts of your website, Cloudflare evaluates the cookie before presenting another challenge. If the cookie is still valid, no challenges will be shown.
When Cloudflare evaluates a cf_clearance
cookie, a few extra minutes are included to account for clock skew. For XmlHTTP requests, an extra hour is added to the validation time to prevent breaking XmlHTTP requests for pages that set short lifetimes.
By default, the cf_clearance
cookie has a lifetime of 30 minutes. Cloudflare recommends a setting between 15 and 45 minutes.
To update the Challenge Passage (and the value of the cf_clearance
cookie):
- Log into the Cloudflare dashboard.
- Select your account and domain.
- Go to Security > Settings.
- For Challenge Passage, select a duration.
The Challenge Passage does not apply to challenges issued by WAF managed rules. Also, Challenge Passage does not apply to rate limiting rules unless the rate limit is configured to issue a challenge.