Cloudflare Docs
Firewall Rules
Visit Firewall Rules on GitHub
Set theme to dark (⇧+D)

Block requests by Threat Score

A powerful feature of firewall rules is its support for Cloudflare’s Threat Score, which ranks requests based on IP reputation. The cf.threat_score field can contain a score from 0 to 100. These scores are collected from Project Honeypot.

This example blocks requests based on country code ( ISO 3166-1 Alpha 2 format), from IP addresses that score greater than 0. This is equivalent to setting the Security Level in Security > Settings to High. For more, refer to Understanding the Cloudflare Security Level.

ExpressionAction
(ip.geoip.country in {"CN" "TW" "US" "GB"}) and cf.threat_score > 0Block