What are the types of Threats?

Cloudflare classifies the threats that it blocks or challenges. To help you understand more about your site’s traffic, the “Type of Threats Mitigated” metric on the analytics page measures threats blocked or challenged by the following categories:   

Bad browser:
The source of the request was not legitimate or the request itself was malicious. Users would see a 1010 error page in their browser.

Cloudflare's Browser Integrity Check looks for common HTTP headers abused most commonly by spammers and denies them access to your page. It will also challenge visitors that do not have a user agent or a non standard user agent (also commonly used by bots, crawlers, or visitors).

Learn more about the Browser Integrity Check here.

Blocked hotlink:
"Hotlink Protection" ensures that other sites cannot use your bandwidth by building pages that link to images hosted on your origin server. This feature can be turned on and off by Cloudflare’s customers.

Learn more about Hotlink Protection here.

Human challenged:
Visitors were presented with a CAPTCHA challenge page and failed to pass.

Note: A CAPTCHA page is a difficult to read word or set of numbers that only a human can translate. If entered incorrectly, the request is blocked.

Browser challenge:
A bot gave an invalid answer to the JavaScript challenge (in most cases this won't happen, bots typically do not respond to the challenge at all, so "failed" JavaScript challenges would not get logged).

Note: During a JavaScript challenge you will be shown an interstitial page for about five seconds while Cloudflare performs a series of mathematical challenges to make sure it is a legitimate human visitor.

Bad IP:
A request that came from an IP address that is not trusted by Cloudflare based on the Threat Score.

Cloudflare uses Threat Scores gathered from sources such as Project Honeypot, as well as our own communities' traffic to determine whether a visitor is legitimate or malicious. When a legitimate visitor passes a challenge, that helps offset the Threat Score against the previous negative behavior seen from that IP address. Our system learns who is a threat from this activity. Site owners may override the Threat Score at any time using Cloudflare's security settings.

Learn more about Threat Scores here.

Country block:
Requests from countries that were blocked based on the user configuration set within the Firewall app.

Learn more about blocking countries using the Firewall app here.

IP block (user):
Requests from specific IP addresses that were blocked based on the user configuration set within the Firewall app.

Learn more about blocking IPs using the Firewall app here.

IP range block (/16):
A /16 IP range that was blocked based on the user configuration set within the Firewall app.

Learn more about blocking IPs using the Firewall app here.

IP range block (/24):
A /24 IP range that was blocked based on the user configuration set within the Firewall app.

Learn more about blocking IPs using the Firewall app here.

New CAPTCHA (user):
Challenge based on user configurations set for visitor’s IP in either the WAF or the Firewall app.

Learn more about challenging visitors using the WAF here.

Captcha error:
Requests made by a bot that failed to pass the challenge.

Note: A CAPTCHA page is a difficult to read word or set of numbers that only a human can translate. If entered incorrectly, the request is blocked.

Bot Request:
Request that came from a bot.

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk