This block is not related to bot mitigation settings. It is related to Browsers verification.
It seems that in browser you send request to not Qualified to Injection URL.
In general, to make URL qualified, you need to get 10 server responses with html tag OR you can manually make URL always qualified by dosl7.cs_qualified_urls sys db - e.g. "modify sys db dosl7.cs_qualified_urls value /1.html,/*php"