How to stop bots in the first place?

Hi, everyone. I’ve captchaed the path: /favicon.ico and the solve rate is zero. They must be all bots. However, those bots first used normal paths to visit the site. And then they use /favicon.ico to attack the site. I can’t find a pattern. They use new devices. How can I stop them in the first place?

favicon.ico is requested by browsers when they want to load the icon used to display in each browser tab after loading a webpage.


I don’t think you should block them, and this file should be cached by default. And it shouldn’t cause any harm to your website either.

Thanks. But solve rate is zero.

The favicon is loaded in a way similar to AJAX, and AJAX won’t be able to solve any challenges issued by Cloudflare. The solve rate will be always zero.

1 Like

Thanks. I also captchaed this path:

Many user agents have no other paths but this path. So I captchaed it.

The solve rate is also zero. Is it normal that the solve rate of this path is zero?

The solve rate is going to be zero because your visitors’ web browsers are asking for that icon as an automated part of visiting your site. The file isn’t being requested interactively by your visitor, so I doubt they will ever see the CAPTCHA to have an opportunity to solve it.

Like @erictung said, it doesn’t make sense to block this file with a challenge.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.