Challenging other countries without affecting search engine equity

We have Pro on our ecommerce sites. 99% of our customers are US-based, but I notice a large amount of what must be bot traffic from other countries when I compare the Cloudflare data to our Google Analytics user data.

I would like to stop such traffic in its tracks for security and bandwidth reasons unless it is related to search engine optimization or some other legitimate service. Of course Google and Bing are our primary concerns.

I was curious whether our forcing a CAPTCHA on these countries, which almost never order from us, would have unintended consequences.

I am also curious what other standard practices other ecommerce companies have for Cloudflare. For instance, we just realized rate limiting was off on one of our sites and we got hit with a massive SQL injection attack from Poland, so obviously rate limiting is a no-brainer.


