I believe the notorious “Security Level” feature is the main culprit of why so many people complain that they are seeing captchas. I think that naive customers or admins will just select the highest Security Level as there appears to be no downside.
I believe there should be some sort of warning or a more “in-your-face” information label describing how security level will flag legitimate visitors with a captcha
On another note, but still related, why is the Security Level feature now hidden behind the “Under Attack Mode” toggle?
It’s under Firewall->Settings. Default setting is medium. The attached Help window does explain what High does. As I rarely look at that, it’s interesting to note it’s a 14 day history for a bad IP addresses.
As is often the case, there are many options available that users click without reading the attached or relevant documentation. Even Cloudflare itself merits some research before someone signs up for it. Any deviation from a standard configuration should be researched first. To do otherwise is risky.
Ah I did not see the “Settings” under Firewall as it’s all the way on the right hand side
My concern now is that the default setting of “Medium” is too strict, but yes, in the end it’s a double-edged sword
1 Like