Cloudflare uses a wide variety of data sources, including Project Honeypot, to challenge potentially problematic visitors by IP before they hit your site or your server. The challenge page is designed to provide a layer of security to your website, and the challenge page also thwarts a number of things like spam bots and other threats that may be trying to attack your site. The Cloudflare Web Application Firewall (WAF) will also generate a challenge page for other potential attack signatures.
As the IP data can have some false positives, because of things like dynamic IPs, Cloudflare is including some helpful tips below for dealing with Access Restricted pages as a site owner or visitor.
If you are the site owner:
1. You can override the challenge page behavior by whitelisting IPs in your Threat Control panel. Any visitor that was actually challenged will appear in your Threat Control panel.
2. If you are interested in turning down the security level settings for your site, you can do so by going to the Cloudflare Basic Security Level settings and changing your security level (Low, Medium, High).
If you are the site visitor:
The IP address you came from recently had bad activity online, so Cloudflare will present a challenge before you can access the website. Here's what you can do to solve the problem:
1. Passing the captcha will help reduce the threat score associated with the IP address. If no bad activity is seen from the IP address after a two-week period, then the challenge behavior will stop against that IP address.
2. You can also request that the particular site you're visiting whitelist your IP address when you pass the captcha and send a message to the site owner. If the site owner decides to whitelist your IP address, it does two things:
a) It allows you to access that site from that IP without further challenges for that site.
b) Helps correct false positives with IP data, which further helps reduce the threat score associated with the IP address.