Block requests by Threat Score
A powerful feature of firewall rules is its support for Cloudflare’s Threat Score, which ranks requests based on IP reputation. The cf.threat_score
field can contain a score from 0 to 100. These scores are collected from Project Honeypot.
This example blocks requests based on country code ( ISO 3166-1 Alpha 2 format), from IP addresses that score greater than 0. This is equivalent to setting the Security Level in Security > Settings to High. For more, refer to Understanding the Cloudflare Security Level.
Expression | Action |
---|---|
(ip.geoip.country in {"CN" "TW" "US" "GB"}) and cf.threat_score > 0 | Block |