Can anyone shed light on the order in which the following rules apply?
Bot Fight Mode / Bot Management / Security Rules
Unknown? Presumably this is before Workers because Workers get a “Threat Score” header?
Workers come before the cache; does this mean they come before bot fight / firewall / rate limiting rules?
Firewall Rules can “bypass” WAF, Rate Limiting, Browser Integrity checks… so they must come before the WAF/Rate Limiting etc
WAF Managed Rules
Use cases / questions:
Why is bot fight mode not enabled by default? What is the risk? Percentage of false positives for example?
For example Rate Limit in one zone – let me set a flag in the CF Worker’s KV so that I can block the IP in other zones also. Is is possible to leverage CF tooling or would I have to build my own?
Class ‘C’: If more than x IPs from same class C have been detected in past x hours across all zones, block the class C for z mins?
ASN Rep: Threat score for ASN, class C and IP?