Origin-requested captcha

Greetings! I’m developing my first application that will be delivered through Cloudflare, so I’m a total noob at Cloudflare tools.

Is it possible for an origin server to respond with a code like “429 Too Many Requests” that would trigger Cloudflare to challenge the original visitor before re-attempting, while avoiding giving the visitor a final “blocked” response?

I know this functionality can be accomplished with a Worker, but are there other ways? and especially, is there an out-of-the-box behaviour that can be triggered by the origin server with a magic response code?

This feature would be useful to rate limit DDOS on auth endpoints at the onset, without outright blocking the offending IP. The origin can readily detect conditions like “first auth 5 accesses from the same IP”, and use early rate limiting, while still allowing innocent human access from the same (shared) offending IP.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.