- How does Cloudflare detect bots?
- How do I know what's included in my plan?
- How do I set up my bot product?
- How does machine learning work?
- Why am I seeing a Managed Challenge action for Firewall rules?
- What is the difference between the threat score and bot management score?
- What is cf.bot_management.verified_bot?
- I run a good bot and want for it to be added to the allowlist (cf.bot_management.verified_bot). What should I do?
- What information do I need to troubleshoot my bot issues?
- How can I disable Bot Fight Mode (Free plans) and Super Bot Fight Mode (Pro and Business plans)?
- Related resources
Cloudflare’s bot solutions identify and mitigate automated traffic to protect your domain from bad bots.
For more information about these bot solutions and how to set them up, see the developer documentation.
How does Cloudflare detect bots?
Cloudflare uses multiple methods to detect bots, but these vary by plan. For more details see, Cloudflare bot products.
How do I know what's included in my plan?
To know what's included in your plan, see our developer documentation.
How do I set up my bot product?
To learn how to set up your bot product, see our developer documentation.
How does machine learning work?
Supervised machine learning takes certain variables (X) like gender and age and predicts another variable (Y) like income.
In Bot Management and Super Bot Fight Mode, the X variables are request features, while the Y variable represents the probability of solving a Captcha based on X values.
Cloudflare uses data from millions of requests and re-train the system on a periodic basis. You can learn about this data from your own request logs such as Cloudflare Logpull and Logpush as well as the Firewall API.
Why am I seeing a Managed Challenge action for Firewall rules?
When you choose to challenge different bot categories with Bot Fight Mode or Super Bot Fight Mode, you will see Firewall Events with an Action Taken of Managed Challenge.
You may also see Managed Challenge as a result of a Firewall rule.
What is the difference between the threat score and bot management score?
The difference is significant:
- Threat score (cf.threat_score) is what Cloudflare uses to determine IP Reputation. It goes from 0 (good) to 100 (bad).
- Bot management score (cf.bot_management.score) is what Cloudflare uses in Bot Management to measure if the request is from a human or a script. The scores range from 1 (bot) to 99 (human). Lower scores indicate the request came from a script, API service, or an automated agent. Higher scores indicate that the request came from a human using a standard desktop or mobile web browser.
These fields are available via Cloudflare Firewall Rules.
What is cf.bot_management.verified_bot?
A request's cf.bot_management.verified_bot value is a boolean indicating whether such request comes from a Cloudflare allowed bot.
Cloudflare has built an allowlist of good, automated bots, e.g. Google Search Engine, Pingdom, and more.
This allowlist is large based on reverse DNS verification, meaning that the IPs we allow really match the requesting service. In addition to this, Cloudflare uses multiple validation methods including ASN blocks and public lists. If none of these validation types are available for a customer, we use internal Cloudflare data and machine learning to identify legitimate IP addresses from good bots.
To allow traffic from good bots, use the Verified Bot field in your Firewall Rule.
I run a good bot and want for it to be added to the allowlist (cf.bot_management.verified_bot). What should I do?
To be added to the Cloudflare allowlist, please submit this online application.
What information do I need to troubleshoot my bot issues?
If you are experiencing errors with your bot solution and need to submit a Support request, include the following information:
- IP addresses
- Firewall Rule IDs, rule expression, CAPTCHA solve rates
- Common user-agents among false positives
- Common ASNs among false positives
- Screenshots of strange activity from the firewall, such as a huge spike in challenged traffic on the graph
- Problematic URIs or paths
- Rough description of how your domain is configured.
- Is one zone SSL for SaaS while the others are not?
- Is most API traffic sent to a particular URI?
- How much mobile traffic do you expect?
How can I disable Bot Fight Mode (Free plans) and Super Bot Fight Mode (Pro and Business plans)?
You disable it under the Firewall app > Bots tab.
- For Free plans, toggle the Bot Fight Mode option to Off
- Cloudflare Bot Management (Developer Documentation)
- Cloudflare Firewall Rules (Developers Documentation)
- Cloudflare Bot Management: machine learning and more (Cloudflare Blog)
- Stop the Bots: Practical Lessons in Machine Learning (Cloudflare Blog)