Before you implement any bot protection, you should review your site’s content, as that might affect your implementation.
Site purpose
Situation
The general purpose of your site (and its intended audience) may affect the thresholds you use for Bot management.
Implementation details
If you want to minimize false positives and lost revenue — common for ecommerce or marketing websites — you might lean towards more permissive rules that could lead to higher bot traffic.
If you want to increase protection and minimize bot traffic - common for financial institutions - you might prefer stricter rules, even though they contain a greater risk of false positives.
Static resources
Situation
Static resources are files with the following extensions:
|css|jar|js|jpg|jpeg|gif|ico|png|bmp|pict|csv|doc|docx|xls|xlsx|pdf|ps|pls|ppt|txt|ico|pptx|tif|tiff|ttf|otf|woff|woff2|webp|svg|svgz|eot|eps|ejs|swf|torrent|midi|mid|
Implementation details
Static resources are protected by default when you create firewall rules using
cf.bot_management.score.
If you do not explicitly exclude static resources from your firewall rules, you may block good bots — like mail clients — that routinely fetch static resources.
To exclude static resources, you would need to include
not (cf.bot_management.static_resource) as part of a firewall rule.
WordPress installations
Situation
When users attempt to run diagnostics in the Site Status page for WordPress installations, loopback issues arise when our bot detection services block them.
Implementation details
For more details, refer to WordPress Loopback errors.