Skip to content
Visit Firewall on GitHub
Set theme to dark (⇧+D)

Challenge bad bots

Cloudflare’s Bot Management feature scores the likelihood that a request originates from a bot.

Scores range from 1 to 99. Low scores indicate the request comes from a script, API service, or an automated agent. High scores indicate that a human issued the request from a standard desktop or mobile web browser.

This example uses the cf.bot_management.score dynamic field to target requests from bots. It uses the cf.bot_management.verified_bot field to identify requests from known good bots.

When a request for login has a Bot Management score less than 30 and is not on the list of known good bots, Cloudflare issues a CAPTCHA challenge:

(cf.bot_management.score lt 30) and (http.request.uri.path eq "/login") and not (cf.bot_management.verified_bot)Challenge