Force security challenge for a request

On receiving a request, is there a way the Origin can tell Cloudflare to challenge (either captcha or javascript)?

From what I see I could add Firewall rules to challenge, but that works for future requests, not for the request that is being processed.

  1. Is there a way to programatically force challenge from the origin for a request that the origin has already received (but not responded yet)?
  2. For a request, is there a way the Origin could find the threat score as computed by Cloudflare, whether the request was challenged, and the verdict?

AFAIK both is not possible at the moment, but I’d say it would warrant a “product request”. If you edit your posting and recategorise it to “product request” you’d have my vote for it.

Thanks. Changed it to product requests

Possibly? reCAPTCHA  |  Google Developers

I believe for Enterprise customers we currently can send this to the origin and there is some discussion of exposing this further (@sandro’s product request is probably the right path… I would like it to be exposed in workers at a minimum).


This topic was automatically closed after 30 days. New replies are no longer allowed.