Challenge Passage
When a visitor solves a Cloudflare challenge - as part of a Firewall rule or IP access rule - you can set the Challenge Passage to prevent them from having to solve future challenges for a specified period of time.
How it works
When a visitor successfully solves a challenge, Cloudflare sets a cf_clearance
cookie in their browser. This cookie specifies the duration your website is accessible to that visitor.
When that visitor tries to access other parts of your website, Cloudflare evaluates the cookie before presenting another challenge. If the cookie is still valid, no challenges will be shown.
When Cloudflare evaluates a cf_clearance
cookie, a few extra minutes are included to account for clock skew. For XmlHTTP requests, an extra hour is added to the validation time to prevent breaking XmlHTTP requests for pages that set short lifetimes.
Customize the Challenge Passage
By default, the cf_clearance
cookie has a lifetime of 30 minutes. Cloudflare recommends a setting between 15 and 45 minutes.
To update the Challenge Passage (and the value of the cf_clearance
cookie):
- Log into the Cloudflare dashboard.
- Select your account and domain.
- Go to Security > Settings.
- For Challenge Passage, select a duration.
Limitations
The Challenge Passage does not apply to challenges issued by WAF managed rules. Also, Challenge Passage does not apply to rate limiting rules unless the rate limit is configured to issue a challenge.