Knowledgebase:
Cloudflare Threat Control
Posted by Madhusudan S, Last modified by Madhusudan S on 03 June 2015 03:34:53 PM

CloudFlare features a Threat Control dashboard where users can view an analysis of threats to their sites. Here, users can also specify which visitors CloudFlare allows and which visitors will be blocked. To access the Threat Control dashboard:

  1. Log into your CloudFlare account at www.cloudflare.com/login.
  2. Next to the website you wish to view, click Threat Control.

Access Threat Control

Alerts

Any threats to your website which CloudFlare detects will be listed in the Alerts section of the Threat Control dashboard. If an item appears in this area, the visitor was challenged with a CAPTCHA before gaining access to your website. The following details will be provided for each threat:

  • Type of threat
  • Threat score
  • Date detected
  • IP address
  • Country of origin
  • Status of threat

https://supportnation.com/kbimages/cloudflare_threat_control_panel.png

Types of Threats

The following is an overview of the types of threats detected by CloudFlare:

  • Botnet Zombie: Computers identified as infected with a virus that are doing something malicious such as sending spam
  • Rule Breaker: An automated crawler or bot that does not appear to follow robots.txt or other rules
  • Email Harvester: A visitor identified as stealing email addresses from websites
  • Web Spammer: A visitor caught posting spam comments or spam blogs
  • Exploit Hacker: A visitor caught attempting to exploit weaknesses in code

High Priority Alerts

An exclamation symbol ( ! ) next to the threat type indicates an item which requires attention for one of two reasons:

  1. The visitor was blocked; however, the visitor passed the CAPTCHA and left a message requesting to be permanently whitelisted.
  2. The visitor is listed as a threat in CloudFlare's global system but was allowed to get through based on your security settings.

Threat Scores

Threat scores are used to indicate the severity of a particular type of threat. The scores are determined by a logarithm and generally range from 0 to 100. The higher the score, the more severe the threat.

CloudFlare allows users to specify a preference for how threat scores are handled in the security settings. The following options are available:

  • High - Anything greater than 0 will be challenged.
  • Medium - Anything greater than 8 will be challenged.
  • Low - Anything greater than 15 will be challenged.
  • Essentially Off - Anything greater than 25 will be challenged.

Blocking or Trusting Visitors

In the Threat Control dashboard, CloudFlare users can choose to either block or trust visitors listed as threats in the Alerts list. Users also have the ability to manually enter an IP, IP range or country name to block or trust.

If a threat is trusted or blocked, the visitor's IP address will be placed into either the Trust list or Block list respectively. Visitors with IPs listed in the Block list will not be challenged with a CAPTCHA. They will be completely restricted from accessing the website.

For more information about how to use the Threat Control dashboard, please see:
(0 vote(s))
Helpful
Not helpful