Incapsula blocking my mobile app requests, how do I bypass this?

Question

we are using Incapsula for web security in our application. It works fine for web.

However, Incapsula blocks all mobile application requests (iOS:Swift, Android:Java) ; and classifies them as DDOS and CAPTCHA (Fail) with status messages:

Client was sent a JavaScript security check, request was suspended

or

Client was sent a CAPTCHA security check, request was suspended.

How do I bypass this?

I am using Asynchronous Http Client for Android, Alamofire for iOS.

Answer 1

There could be a few reasons you are getting this response. The most likely is that you have enabled a CAPTCHA check for Suspected Bots. Under your site that is being affected, navigate to Settings -> Security and make sure the "Require all other Suspected Bots to pass a CAPTCHA test" is unchecked.

Other reasons you could be seeing this are:

• You have a custom IncapRule defined for this site that has an action of "Require JavaScript" or "Require CAPTCHA"
• Under the Settings -> WAF -> DDoS section the DDoS setting is set to "On" as opposed to "Automatic" and under the Advanced section the Challenge Unknown Clients setting is set to either "JavaScript" or "CAPTCHA".

Hope that helps. If you're still having trouble their Support team should be able to lend a hand.