Type
Product improvement
Description
Add a new security action, “Intentional Delay”
Benefit
Maybe this sounds crazy but I’d like one of the responses to WAF rules to be adding an intentional delay to the response.
The use case would be for “gray area” bots, like SEO crawler tools, that our customers visitors run against our site even though it’s against the terms of use. After encountering the Cloudflare block or managed challenge, these bot operators often try to reach out to my org and get the firewall rules changed.
My thought is, let’s slow them down instead, enough that they won’t DDoS our site. The bot operator likely won’t realize they are being throttled, since their bot is still working, and not reaching any unexpected response codes. Ignorance is bliss, right?