'Exclude page from Cloudflare defence

I want to exclude the callback page from Cloudflare anti DDOS protection so I can accept callbacks from the payment systems when I enable "under attack" mode, but looks like it doesn't work. I have the following rule:

domain.com/callback*
Always Online: On

I checked with the curl and it returns the standard html+javascript captcha page.

cloudflare


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Docker container accessible only via Cloudflare CDN (selected ip ranges)

Akamai and CloudFlare IPs Appear as Requesting IPs

command not found: wrangler after installation of wrangler

How can I configure NGINX ingress controller to work with Cloudflare and Digital Ocean Load Balancer?

Making A Cloudflare Worker That Tweets Though My Twitter Developer APIs. Can't Get CryptoJS.HmacSHA1 to Create Signature for Fetch Request

Cloudflare returning 520 due to empty server response from Heroku

docker, iptables and cloudflare

Is it possible to create a new Cloudflare Pages project without associating an existing GitHub project?

How to pass security cloudflare server with php curl

Coinbase API returns Cloudflare captcha check and fails to execute [closed]

Configuring traefik for basic http so that dashboard uses port 80 -- get page 404 not found

502 Bad Gateway for Proxy Pass to HTTPS API server sitting behind Cloudflare Proxy

Can cloudflare add custom headers?

Getting "curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)"

Can't bypass cloudflare with python cloudscraper