Challenge Bad Bots

Hello there,

((cf.threat_score gt 14) and not (cf.client.bot) and not (http.request.uri.path contains “/api”)) or ((cf.threat_score gt 24) and not (cf.client.bot) and (http.user_agent contains “App_Name 2.0”))

Tried coming up with this firewall rule after reading thishttps://developers.Cloudflare.com/firewall/known-issues-and-faq/

Is it okay/workable?

If you are an Enterprise customer who has subscribed to bot management, that looks reasonable……
Edit to amend threat score should be available without bot management but not sure a known bot is going to have a threat score associated with it of any significance

Thanks, @cscharff for the reply,



I used the info from these links;

The problem I have is Adjusting for mobile traffic as indicated in the article;

Using

Do I use as it is?
((cf.threat_score gt 14) and not (cf.client.bot) and not (http.request.uri.path contains “/api”)) or ((cf.threat_score gt 24) and not (cf.client.bot) and (http.user_agent contains “App_Name 2.0”))

Like this
(cf.threat_score gt 14) and not (cf.client.bot) and not (http.request.uri.path contains “/api”) and (http.user_agent contains “App_Name 2.0”)

Do I use “or” or “and”?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.