If you're seeing "Attention Required | Cloudflare" when trying to import links into Userled's resources section, your Cloudflare security settings are blocking Userled's automated requests. This guide will show you how to whitelist Userled.
The Issue
Userled fetches link previews (title, description, thumbnail) from your URLs to display them beautifully in the resources section. Cloudflare's bot protection sees these requests as suspicious and blocks them.
Solution:
Create a Cloudflare WAF Rule
Step 1: Log into Cloudflare Dashboard
Go to dash.cloudflare.com
Select your website/domain
Step 2: Navigate to WAF Settings
In the left sidebar, click Security
Click WAF (Web Application Firewall)
Click Custom rules
Step 3: Create a New Custom Rule
Click Create rule
Name it:
Allow Userled BotStep 4: Configure the Rule Expression
Set up the rule with these conditions:
Field:
CookieOperator:
containsValue:
userledIn the expression builder, it should look like:
(http.cookie contains "userled")Step 5: Set the Action
Under Then take action, select: Skip → All remaining custom rules
Or alternatively: Allow
Step 6: Deploy
Click Deploy to activate the rule
Test by trying to import your Cloudflare-protected link in Userled again
Need a Specific Cookie Value?
For enhanced security, Userled can provide you with a unique cookie value for your domain. Contact Userled support with your domain, and they'll configure a specific bypass token for you. Then update your Cloudflare rule to:
(http.cookie contains "userled=[YOUR_SPECIFIC_TOKEN]")Verification
After setting up the rule:
1. Return to Userled's template editor
2. Try adding your Cloudflare-protected link to the resources section
3. You should now see the proper preview with title, description, and thumbnail
Troubleshooting
- Still seeing "Attention Required"? Check that your rule is deployed and not paused
- Rule not working? Verify you selected the correct action (Allow or Skip)
- Multiple domains? You may need to create separate rules or use Cloudflare's Zone settings
Security Considerations
This configuration only allows Userled to read your page's metadata (OpenGraph tags). It doesn't grant access to protected areas or bypass authentication on your actual website.
