I see lots of UNCLASSIFIED threats in Analytics. This question was asked last month and it got
no responses. Can Cloudflare Support Team explain what these Unclassified Threats mean?
What can we do to mitigate these threats or safeguard our sites from any hard that these threats
may cause. Some explanation will be most appreciated. Thank you.
Can someone from support / others please explain?
From the sound of it, that threat was already blocked.
I checked some of my security analytics and couldn’t find anything labeled as Unclassified. Can you post a screenshot of it?
Here is the screenshot showing 42k Unclassified Threats…
Good question. Maybe @cloonan knows.
These are not massive threats. In case of blocks caused by known IP reputation or WAF rules, you should be able to find this information in the IP Firewall. The Unclassified threat type comprises a number of automatic blocks that are not related to the Browser Integrity Challenge (Bad Browser).
These threats are usually related with Hotlink Protection, and other actions that happen on the Edge based on the composition of the request (and not its content). Unclassified means a number of conditions which we groups common threats related to Hotlink protection, certain cases of IP reputation and specific requests that are blocked at the Cloudflare edge before reaching your servers.
Here is a great read on threat types, https://support.cloudflare.com/hc/en-us/articles/204191238-What-are-the-types-of-Threats-.
Thanks. That document was the first place I checked, but it did not mention “Unclassified.” It makes sense that all the other random blocks fall under this category.
Good point, I’ll pass that feedback to the doc team!