Cloudflare Docs
Learning Paths
Visit Learning Paths on GitHub
Set theme to dark (⇧+D)

Implementation methods

  2 min read

Though most customers choose to implement bot management through Firewall rules, Cloudflare actually makes various bot signals available in several different products.

​​ Firewall

Bot Management provides access to several new variables within the Firewall expression builder.

  • Bot Score (cf.bot_management.score): An integer between 1-99 that indicates Cloudflare’s level of certainty that a request comes from a bot.
  • Verified Bot (cf.bot_management.verified_bot): A boolean value that is true if the request comes from a good bot, like Google or Bing. Most customers choose to allow this traffic. For more details, see Traffic from known bots.
  • Serves Static Resource (cf.bot_management.static_resource): An identifier that matches file extensions for many types of static resources. Use this variable if you send emails that retrieve static images.
  • ja3Hash (cf.bot_management.ja3_hash): A JA3 Fingerprint helps you profile specific SSL/TLS clients across different destination IPs, Ports, and X509 certificates.
  • Bot Detection IDs (cf.bot_management.detection_ids): List of IDs that correlate to the Bot Management heuristic detections made on a request (you can have multiple heuristic detections on the same request).

​​ Common use cases

You can use Firewall variables in a variety of actions, including:

  • Log
  • Bypass
  • Allow
  • Challenge

For a full list of options, refer to Firewall actions.


​​ Workers

These variables are also available as part of the request.cf object via Cloudflare Workers:

  • request.cf.botManagement.score
  • request.cf.botManagement.verifiedBot
  • request.cf.botManagement.staticResource
  • request.cf.botManagement.ja3Hash
  • request.cf.botManagement.js_detection.passed
  • request.cf.botManagement.detectionIds

​​ Common use cases

You might want to do the following based on bot information in Cloudflare Workers:

  • Capture score with request (asynchronous warfare).
  • Redirect (to other page, application, honeypot, compute).
  • Serve alternative content based on score (avoid serving ads to bots with a low score).
  • Require additional authentication (for example, token authentication for requests with low score).
  • Notify users of low-score logins.
  • Check for combinations based on Bot Score and Clearance Cookie (show which bots passed challenges, or which humans got low scores).

For examples that could be useful in building these actions, refer to Workers Examples.


​​ Logs

Once you enable Bot Management, Cloudflare also surfaces bot information in its HTTP requests log fields:

  • BotDetectionIDs
  • BotScore
  • BotScoreSrc
  • BotTags

​​ Common use cases

With log information, the main use case is better understanding and analyzing bot traffic.




Unit 2 of 5

Previous
Next