diff --git a/src/content/docs/logs/reference/log-fields/zone/firewall_events.md b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
index c3be63c9c168b4f..db0ed8f23a3ce8a 100644
--- a/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
+++ b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
@@ -13,7 +13,7 @@ The descriptions below detail the fields available for `firewall_events`.
Type: `string`
-The code of the first-class action the Cloudflare Firewall took on this request.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionclose \| challengesolved \| challengefailed \| challengebypassed \| jschallengesolved \| jschallengefailed \| jschallengebypassed \| bypass \| managedchallenge \| managedchallengeskipped \| managedchallengenoninteractivesolved \| managedchallengeinteractivesolved \| managedchallengebypassed.
+The code of the first-class action the Cloudflare Firewall took on this request.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionclose \| challengesolved \| challengebypassed \| jschallengesolved \| jschallengebypassed \| bypass \| managedchallenge \| managedchallengenoninteractivesolved \| managedchallengeinteractivesolved \| managedchallengebypassed.
## ClientASN
diff --git a/src/content/docs/logs/reference/log-fields/zone/http_requests.md b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
index e013f1008316269..98da6b035c70a7d 100644
--- a/src/content/docs/logs/reference/log-fields/zone/http_requests.md
+++ b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
@@ -481,7 +481,7 @@ Action of the security rule that triggered a terminating action, if any.
Type: `array[string]`
-Array of actions the Cloudflare security products performed on this request. The individual security products associated with this action be found in SecuritySources and their respective rule Ids can be found in SecurityRuleIDs. The length of the array is the same as SecurityRuleIDs and SecuritySources.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionClose \| challengeSolved \| challengeFailed \| challengeBypassed \| jschallengeSolved \| jschallengeFailed \| jschallengeBypassed \| bypass \| managedChallenge \| managedChallengeSkipped \| managedChallengeNonInteractiveSolved \| managedChallengeInteractiveSolved \| managedChallengeBypassed \| rewrite \| forceConnectionClose \| skip \| managedChallengeFailed.
+Array of actions the Cloudflare security products performed on this request. The individual security products associated with this action be found in SecuritySources and their respective rule Ids can be found in SecurityRuleIDs. The length of the array is the same as SecurityRuleIDs and SecuritySources.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionClose \| challengeSolved \| challengeBypassed \| jschallengeSolved \| jschallengeBypassed \| bypass \| managedChallenge \| managedChallengeNonInteractiveSolved \| managedChallengeInteractiveSolved \| managedChallengeBypassed \| rewrite \| forceConnectionClose \| skip.
## SecurityRuleDescription
diff --git a/src/content/docs/logs/reference/security-fields.mdx b/src/content/docs/logs/reference/security-fields.mdx
index af9faeedd6ecfb1..564d46b9ead553f 100644
--- a/src/content/docs/logs/reference/security-fields.mdx
+++ b/src/content/docs/logs/reference/security-fields.mdx
@@ -22,10 +22,8 @@ The Security fields contain rules to block requests that contain specific types
| `log` | Log | Take no action other than logging the event. |
| `connectionClose` | Close | Close connection. |
| `challengeSolved` | Allow | Allow once interactive challenge solved. |
-| `challengeFailed` | Drop | Block following invalid interactive challenge solve attempt. |
| `challengeBypassed` | Allow | Interactive challenge is not issued again because the visitor had previously passed an interactive challenge and a valid `cf_clearance` cookie is present. |
| `jschallengeSolved` | Allow | Allow once JS challenge solved. |
-| `jschallengeFailed` | Drop | Drop if JS challenge failed. |
| `jschallengeBypassed` | Allow | JS challenge not issued because the visitor had previously passed a JS or interactive challenge. |
| `bypass` | Allow | Bypass all subsequent firewall rules. |
| `managedChallenge` | Challenge Drop | Issue managed challenge. |
@@ -61,4 +59,3 @@ The Security fields contain rules to block requests that contain specific types
| `dlp` | Allow or block based on the Data Loss Prevention product settings. |
| `firewallManaged` | Allow or block based on WAF Managed Rules' settings. |
| `firewallCustom` | Allow or block based on a rule configured in WAF custom rules. |
-
diff --git a/src/content/docs/waf/troubleshooting/faq.mdx b/src/content/docs/waf/troubleshooting/faq.mdx
index b35dafd8fd9d9da..a851bbb9bef397f 100644
--- a/src/content/docs/waf/troubleshooting/faq.mdx
+++ b/src/content/docs/waf/troubleshooting/faq.mdx
@@ -163,13 +163,7 @@ Previously, unless you customize your front-end application, any AJAX request th
Now, you can [opt-in to Turnstile’s Pre-Clearance cookies](/turnstile/concepts/pre-clearance-support/). This allows you to issue a challenge early in your web application flow and pre-clear users to interact with sensitive APIs. Clearance cookies issued by a Turnstile widget are automatically applied to the Cloudflare zone that the Turnstile widget is embedded on, with no configuration necessary. The duration of the clearance cookie’s validity is controlled by the zone-specific configurable [Challenge Passage](/waf/tools/challenge-passage/) security setting.
-### Does the challengeFailed action accurately represent challenges that users did not pass?
-
-No. The `challengeFailed` and `jschallengeFailed` firewall rule actions account for observed requests that, under special circumstances, did not pass a challenge. However, some failed challenges cannot be traced back to a firewall rule. Additionally, Cloudflare Firewall Rules may not have a record of every request with a failed challenge.
-
-Therefore, consider these actions with caution. A reliable indicator is the [Challenge Solve Rate (CSR)](/bots/concepts/challenge-solve-rate/) displayed in **Security** > **WAF** > **Firewall rules**, which is calculated as follows: `number of challenges solved / number of challenges issued`.
-
-### Why would I not find any failed challenges? Why is ChallengeIssued not equal to ChallengeSolved plus ChallengeFailed?
+### Why would I not find any failed challenges?
Users do not complete all challenges. Cloudflare issues challenges that are never answered — only 2-3% of all served challenges are usually answered.
@@ -180,10 +174,12 @@ There are multiple reasons for this:
- Users keep refreshing the challenge, but never submit an answer.
- Cloudflare receives a malformed challenge answer.
+You can calculated the number of failed challenges as follows: `number of challenges issued - number of challenges solved`.
+
### Why do I have matches for a firewall rule that was not supposed to match the request?
Make sure you are looking at the correct request.
-Only requests that triggered a challenge will match the request parameters of the rule. Subsequent requests with a `[js]challengeSolved` or `[js]challengeFailed` action may not match the parameters of the rule — for example, the bot score may have changed because the user solved a challenge.
+Only requests that triggered a challenge will match the request parameters of the rule. Subsequent requests with a `[js]challengeSolved` action may not match the parameters of the rule — for example, the bot score may have changed because the user solved a challenge.
-The "solved" and "failed" actions are informative actions about a previous request that matched a rule. These actions state that "previously a rule had matched a request with the action set to _Interactive Challenge_ or _JS Challenge_ and now that challenge was answered."
+The "solved" action is an informative action about a previous request that matched a rule. This action states that "previously a rule had matched a request with the action set to _Interactive Challenge_ or _JS Challenge_ and now that challenge was answered."