
Bot Detection Breaks SSH Tunnels 🐛

Open sl33nyc opened this issue 2 years ago • 0 comments

Describe the bug

Description in Comment on Another Issue #324

I strongly suspect that Bot detection rules having higher rule precedence over Access rules is the culprit, so I filed this issue to request some sort of acknowledgement/documentation. I've "done this to myself" twice because I clicked the shiny "Bot Fight Mode" toggle and had forgotten its consequences. Luckily, I stumbled across #324 after a quick Google search and read to the end of #324's comments.

Nonetheless, enabling Bot Fight Mode breaking my SSH tunnel seems like a significant disconnect from an error saying "websocket: bad handshake". Ideally, I'd like to be able to enable "Bot Fight Mode" because it's probably good to take advantage of Cloudflare's expertise in such matters. I'm guessing that this is part of a known class of similar problems, so it'd be great to hear if the solution is a work in progress and either it will be fixed or some sort of "exception" rules can be configured.

Admittedly, I'm not on a paid plan, so if a paid tier includes the requisite automated workaround, then at least a warning somewhere would be helpful.

[Image: cloudflare_rules_precedence]

To Reproduce

Steps to reproduce the behavior:

  1. Turn on "Bot Fight Mode". (Wait a few seconds for rule propagation...)
  2. Attempt to ssh into host configured per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use_cases/ssh/#connect-to-ssh-server-with-cloudflared-access.
  3. Observe ERR failed to connect to origin error="websocket: bad handshake" originURL=...

sl33nyc, Jan 28 '23 13:01