Cloudflare’s “Bot Fight Mode”, the Cloudflare captcha, is great at preventing bots, but I am afraid it might block federation related traffic.
Does anybody have actual experience in this regard? Is there anyone who has successfully deployed Lemmy with “Bot Fight Mode”, maybe with some exceptions configured?
As long as there is a bypass for
/inboxit should be fine. I used to run my instance behind a WAF and I had to add that path to the allowlist so that federation requests would bypass it.