Customers Getting Cloudflare Captchas

Our customer base keeps running into Captchas screens by Cloudflare on a variety of websites while using our cloud-based proxy. We have fixed IP ranges for each one of our locations around the world and would like to create a better user experience for our customers.

Are your customers predominately located in any particular country or region? And are your exit nodes singular per tenant or have multiple exits depending on the destination IP of each individual HTTP request?

They are globally based on our solution is multi tenant but the IP ranges are dedicated per region.

This seems like the expected behavior. Are you a SaSe provider or just a proxy vendor?

1 Like

I politely disagree. Cloudflare should not be prompting for CAPTCHAs all the time from reputable sources when the frequency of connection is minimal. Just like when people are on-prem and going out through a few select IPs they shouldn’t experience it either. It’s more of a FP behavior that ultimately hurts the experience of the customers who’ve implemented Cloudflare. It should consider the reputation of the source while also taking other factors into consideration in how the product is implemented by the customers.

Captchas is entirely dependent on how the customers would like to implement them - as a general rule of thumb, their ‘security level’ dictates the threshold for when the visitors ‘threat score’ will be served with a challenge.

IP Reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from our WAF managed rules and DDoS.

It’s talked about a little bit in https://support.cloudflare.com/hc/en-us/articles/200170136-Understanding-Cloudflare-Captchas-Managed-Challenge-and-Challenge-Passage#5E5uXxCdwe0uzUUTDoSgDU

Cloudflare will not overrule a customer’s security preferences and since your traffic isn’t a bot (i.e a crawler) then it wouldn’t be eligible for something like the Friendly Bots program which are validated ‘known good’.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.