Actions
An IP Access rule can perform one of the following actions:
Block: Prevents a visitor from visiting your site.
Allow: Excludes visitors from all security checks, including Browser Integrity Check, I’m Under Attack Mode, and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare’s default security features. The Allow action takes precedence over the Block action. Note that allowing a given country code will not bypass the Cloudflare Web Application Firewall (WAF) .
Managed Challenge: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to Cloudflare challenges.
JavaScript Challenge: Presents the I’m Under Attack Mode interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors.
Legacy CAPTCHA: Requires the visitor to complete a CAPTCHA before visiting your site. Prevents bots from accessing the site.