Challenge not coming up in HTTP Flood

In HTTP Flood - Access limiting:

• if I select Block, it does show the Access Forbidden page once above the limit
• if I select Challenge, nothing happens once above the limit, the app page will load as usual, status code 200, but in admin page I see that the Challenge action has been triggered for this ip. Looks like a bug!?

Could you please test it with other IPs?
After clearing the cache, does the anti-bot challenge page appear on the first request?

Is it possible that the token hasn’t expired, so the requests continue without triggering the challenge?
The anti-bot challenge does not appear on every request — once it has been passed, it won’t trigger again until the token expires.

Hi! To be clear, the antibot feature appears in 2 places: HTTP FLOOD and ANTIBOT. I have ANTIBOT switched off. I expect that Antibot screen will appear as a result of Http Flood hitting the threshold (there are 2 options - Block and Challenge).
Summary: the Antibot screen does appear when ANTIBOT heature is enabled (on the 1st request as you said), BUT the antibot screen does not appear when HTTP FLOOD feature + Challenge is enabled.

As i discovered, if i trigger the HTTP flood in browser, there's no antibot in browser. However if I trigger antibot with tools like curl, I do receive antibot status code to curl requests. I'm not sure if this is by design. It makes sense though.