How to get "Cf-Bot-Score" response header via Worker?

hustleou · September 5, 2022, 11:24am

I have deployed a Cloudflare Worker with the code from the following blog post: https://blog.cloudflare.com/cloudflare-bot-management-machine-learning-and-more/

This is the code:

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})
 
async function handleRequest(request) {
  request = new Request(request);
 
  request.headers.set("Cf-Bot-Score", request.cf.bot_management.score)
 
  return fetch(request);
}

The idea is to get the “Cf-Bot-Score” header appended to each request so that I can better evaluate the score Cloudflare assigns to each request.

However, this code is not working for some reason. Is this code updated? (taking into account that the blog post is from 2020)

Other than deploying the Worker, adding the Code and adding the route to the specific domain, do I need to do something else?

P.S. I am a PRO user. Not sure if this is only available for ENTERPRISE users.

WalshyMVP · September 5, 2022, 11:25am

I wouldn’t be surprised if it’s being stripped due to the CF- prefix.

Try changing it to X-Bot-Score

Also, you could probably just use Transform Rules here and save some money - Transform Rules · Cloudflare Rules docs

hustleou · September 5, 2022, 11:33am

Changing the value name didn’t work. However, checking the Log stream, I see the following:

 "exceptions": [
    {
      "name": "TypeError",
      "message": "Cannot read properties of undefined (reading 'score')",
      "timestamp": 1662377471830
    }
  ],

Not sure if the code has the correct syntax or if I need to be an ENTERPRISE customer.

Checking out the Transform Rules right now

WalshyMVP · September 5, 2022, 11:36am

Ah yep that’ll do it, it should be botManagement not bot_management

Not sure if you need Bot Management for it but we also provide cf.clientTrustScore which should be available

hustleou · September 5, 2022, 11:47am

I have updated the code to “botManagement”, like this, but I am getting the same error:

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})
 
async function handleRequest(request) {
  request = new Request(request);
 
  request.headers.set("X-Bot-Score", request.cf.botManagement.score)
 
  return fetch(request);
}

Going to test the “cf.clientTrustScore” value.

In terms of Transform Rules, should I use a “dynamic” header modification? and if so, what would be the correct dynamic value to place?

hustleou · September 5, 2022, 11:51am

Testing this code, it is not giving any errors, but it is not logging the “Trust Score” in the request:

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})
 
async function handleRequest(request) {
  request = new Request(request);
 
  request.headers.set("X-Trust-Score", request.cf.clientTrustScore)
 
  return fetch(request);
}

Not sure what I am doing wrong.

jnperamo · September 5, 2022, 12:42pm

Without bot management you can’t read most of the bot-related fields.
As far as I know client trust score is also part of bot management so I’m not confident you will be able to use it.

hustleou · September 5, 2022, 4:27pm

If I can’t get these values with a PRO plan, it would be difficult to solve the issues explained here: Best Way to Block ALL Bot Traffic? - #12 by hustleou

I am kind of blind, because to me, those requests should have been blocked by the “Super Bot Fight Mode”, but they were not. So not sure what “botManagement Score” were those requests assigned.

eva2000 · September 5, 2022, 4:33pm

Only CF Enterprise accounts get access to Bot Management and all it’s fields for such insights.

system · September 8, 2022, 4:34pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.