Cloudflare Docs
Learning Paths
Visit Learning Paths on GitHub
Set theme to dark (⇧+D)

Understand site content

  2 min read

Before you implement any bot protection, you should review your site’s content, as that might affect your implementation.

​​ Site purpose

​​ Situation

The general purpose of your site (and its intended audience) may affect the thresholds you use for Bot management.

​​ Implementation details

If you want to minimize false positives and lost revenue — common for ecommerce or marketing websites — you might lean towards more permissive rules that could lead to higher bot traffic.

If you want to increase protection and minimize bot traffic - common for financial institutions - you might prefer stricter rules, even though they contain a greater risk of false positives.


​​ Static resources

​​ Situation

Static resources are files with the following extensions:

|css|jar|js|jpg|jpeg|gif|ico|png|bmp|pict|csv|doc|docx|xls|xlsx|pdf|ps|pls|ppt|txt|ico|pptx|tif|tiff|ttf|otf|woff|woff2|webp|svg|svgz|eot|eps|ejs|swf|torrent|midi|mid|

​​ Implementation details

Static resources are protected by default when you create firewall rules using cf.bot_management.score.

If you do not explicitly exclude static resources from your firewall rules, you may block good bots — like mail clients — that routinely fetch static resources.

To exclude static resources, you would need to include not (cf.bot_management.static_resource) as part of a firewall rule.


​​ WordPress installations

​​ Situation

When users attempt to run diagnostics in the Site Status page for WordPress installations, loopback issues arise when our bot detection services block them.

​​ Implementation details

For more details, refer to WordPress Loopback errors.