Review analytics
2 min read
Before deploying Bot Management on live traffic, use Bot Analytics to determine your domain’s sensitivity to bot traffic.
At the end of your analysis, you should have:
- A range of scores you can confidently block or challenge.
- Specific characteristics that identify traffic that you should allow.
- Identified other nuances in your traffic for further investigation.
Bot analytics
Go to Security > Bots and examine the following traffic segments:
- Automated traffic: Bot scores of 1
- Likely automated traffic: Bots scores of 2 through 29
- Other traffic groups: Any additional large spikes in bot scores
Automated and Likely automated traffic
For automated traffic, sort through the IP addresses, ASNs, and other data points at the bottom of the page.
Look for traffic groups that should not be blocked — commonly API or mobile app traffic. Do the same for likely automated traffic.
Pay specific attention to:
- Which endpoints are being targeted.
- The top non-Mozilla user agents.
- Traffic from Outlook or Office user-agents.
- Traffic from cloud-based Secure Web Gateways (ASNs labeled with the proxy provider).
- Traffic from on-premises forward proxies.
- Whether requests come from a predictable IP address and ASN, or have a similar JA3 fingerprint.
For more details, refer to Understand your site’s traffic.
Other traffic groups
Use the slider tool to identify other traffic groups. For example, you may find that traffic from your mobile app is routinely scored at 12.
Note the common characteristics of these requests, looking at the same information as for automated and likely automated traffic. These requests may be from sources you do not want to block.
Cloudflare Logs
Once you enable Bot Management, Cloudflare also surfaces bot information in its HTTP requests log fields:
- BotDetectionIDs
- BotScore
- BotScoreSrc
- BotTags
If you update your Logpush export to include these new fields, you can perform more detailed analysis of bot-related requests.
Unit 2 of 7