Bot Management variables

Ruleset Engine fields

Bot Management provides access to several new variables within the expression builder of Ruleset Engine-based products such as WAF custom rules.

  • Bot Score (cf.bot_management.score): An integer from 1 to 99 that indicates Cloudflare's level of certainty that a request comes from a bot.
  • Verified Bot (cf.bot_management.verified_bot): A boolean value that is true if the request comes from a good bot, like Google or Bing. Most customers choose to allow this traffic. For more details, see Traffic from known bots.
  • Serves Static Resource (cf.bot_management.static_resource): An identifier that matches file extensions for many types of static resources. Use this variable if you send emails that retrieve static images.
  • ja3Hash (cf.bot_management.ja3_hash) and ja4 (cf.bot_management.ja4): A JA3/JA4 fingerprint helps you profile specific SSL/TLS clients across different destination IPs, ports, and X.509 certificates.
  • Bot Detection IDs (cf.bot_management.detection_ids): List of IDs that correlate to the Bot Management heuristic detections made on a request (you can have multiple heuristic detections on the same request).
  • Verified Bot Categories (cf.verified_bot_category): A string that allows you to segment your verified bot traffic by its type and purpose.

Workers variables

These variables are also available as part of the request.cf object via Cloudflare Workers:

  • request.cf.botManagement.score
  • request.cf.botManagement.verifiedBot
  • request.cf.botManagement.staticResource
  • request.cf.botManagement.ja3Hash
  • request.cf.botManagement.ja4
  • request.cf.botManagement.jsDetection.passed
  • request.cf.botManagement.detectionIds
  • request.cf.verifiedBotCategory

Corporate Proxy

The Bot Management Corporate Proxy field identifies cloud-based corporate proxies and secure web gateways that are Enterprise-only and provide outbound security services to their clients.

You can access the Corporate Proxy field in custom rules, rate limiting rules, or Workers to provide different security rules for traffic from these sources. You can also exempt this traffic from rules that use Bot Management scores.

Example
not cf.bot_management.verified_bot
and not cf.bot_management.static_resource
and not cf.bot_management.corporate_proxy
and cf.bot_management.score lt 30
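
The same conditions evaluated inside a Worker, as an added example that is not part of the original page or Cloudflare's own code. The names botDecision, SCORE_THRESHOLD and SAMPLES are hypothetical, corporateProxy is assumed to be the Workers name for cf.bot_management.corporate_proxy (it is not in the list above), and not matching when bot data is missing is a choice made for this example.

```javascript
// Added example: the expression above as a Worker-side check.
// SCORE_THRESHOLD matches "cf.bot_management.score lt 30".
const SCORE_THRESHOLD = 30;

// cf is request.cf. Returns { matched, reason, ... }; matched === true means
// the request satisfies the same conditions as the example expression.
function botDecision(cf) {
  const bm = cf && cf.botManagement;
  // Assumption of this example: with no bot data, do not match (fail open).
  if (!bm) return { matched: false, reason: "no-bot-data" };
  // The page documents scores as integers from 1 to 99; anything else is
  // treated here as "no usable signal" rather than as a low score.
  if (!Number.isInteger(bm.score) || bm.score < 1 || bm.score > 99) {
    return { matched: false, reason: "score-unusable" };
  }
  if (bm.verifiedBot) {
    const category = cf.verifiedBotCategory || "uncategorized";
    return { matched: false, reason: "verified-bot:" + category };
  }
  if (bm.staticResource) return { matched: false, reason: "static-resource" };
  // corporateProxy: Workers name assumed for cf.bot_management.corporate_proxy.
  if (bm.corporateProxy) return { matched: false, reason: "corporate-proxy" };
  if (bm.score >= SCORE_THRESHOLD) return { matched: false, reason: "score-ok" };
  // Keep the context an analyst needs to tune or explain the rule.
  return {
    matched: true,
    reason: "low-score",
    score: bm.score,
    detectionIds: bm.detectionIds || [],
    ja4: bm.ja4 || null,
  };
}

// Constructed request.cf samples (not real traffic, values are placeholders).
const SAMPLES = {
  scripted: { botManagement: { score: 4, verifiedBot: false, staticResource: false,
    corporateProxy: false, detectionIds: [1001], ja4: "constructed-ja4" } },
  crawler: { verifiedBotCategory: "constructed-category",
    botManagement: { score: 2, verifiedBot: true } },
  proxyUser: { botManagement: { score: 12, verifiedBot: false, corporateProxy: true } },
  browser: { botManagement: { score: 87, verifiedBot: false } },
  noData: {},
};

for (const [name, cf] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(botDecision(cf)));
}
```

In a Worker's fetch handler, call botDecision(request.cf) and apply the action your rule would take when matched is true.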

Log fields

Once you enable Bot Management, Cloudflare also surfaces bot information in its HTTP requests log fields:

  • BotDetectionIDs
  • BotScore
  • BotScoreSrc
  • BotTags