Block requests by Threat Score
The threat score is a score from 0 (zero risk) to 100 (high risk) classifying the IP reputation of a visitor.
IP reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from WAF managed rules and DDoS.
This example blocks requests based on country code (ISO 3166-1 Alpha 2 ↗ format), from IP addresses that score greater than 0. This is equivalent to setting the Security Level in Security > Settings to High. For more information, refer to Security Level.
- Expression:
(ip.src.country in {"CN" "TW" "US" "GB"} and cf.threat_score gt 0)
- Action: Block