Block requests based on IP reputation
A powerful feature of Firewall Rules is its support for Cloudflare’s IP reputation score. To block requests based on IP reputation, use the cf.threat_score
field, which can contain a score from 0 to 100. Reputation scores are collected from Project Honeypot.
This example blocks requests from IP addresses that score greater than 0. This is equivalent to setting the Security Level in the Firewall app Settings panel to High. For more, see Understanding the Cloudflare Security Level.
This example also blocks requests based on country code (ISO 3166-1 Alpha 2 format):
Expression | Action |
---|---|
(ip.geoip.country in {"CN" "TW" "US" "GB"}) or cf.threat_score > 0 | Block |