Cloudflare classifies the threats that it blocks or challenges. To help you understand more about your site’s traffic, the “Type of Threats Mitigated” metric on the analytics page measures threats blocked or challenged by the following categories:
Bad browser:
The source of the request was not legitimate or the request itself was malicious. Users would see a 1010 error page in their browser.
Cloudflare's Browser Integrity Check looks for common HTTP headers abused most commonly by spammers and denies them access to your page. It will also challenge visitors that do not have a user agent or a non standard user agent (also commonly used by bots, crawlers, or visitors).
Learn more about the Browser Integrity Check here.
Blocked hotlink:
"Hotlink Protection" ensures that other sites cannot use your bandwidth by building pages that link to images hosted on your origin server. This feature can be turned on and off by Cloudflare’s customers.
Learn more about Hotlink Protection here.
Human challenged:
Visitors were presented with a CAPTCHA challenge page and failed to pass.
Note: A CAPTCHA page is a difficult to read word or set of numbers that only a human can translate. If entered incorrectly, the request is blocked.
Browser challenge:
A bot gave an invalid answer to the JavaScript challenge (in most cases this won't happen, bots typically do not respond to the challenge at all, so "failed" JavaScript challenges would not get logged).
Note: During a JavaScript challenge you will be shown an interstitial page for about five seconds while Cloudflare performs a series of mathematical challenges to make sure it is a legitimate human visitor.
Bad IP:
A request that came from an IP address that is not trusted by Cloudflare based on the Threat Score.
Cloudflare uses Threat Scores gathered from sources such as Project Honeypot, as well as our own communities' traffic to determine whether a visitor is legitimate or malicious. When a legitimate visitor passes a challenge, that helps offset the Threat Score against the previous negative behavior seen from that IP address. Our system learns who is a threat from this activity. Site owners may override the Threat Score at any time using Cloudflare's security settings.
Country block:
Requests from countries that were blocked based on the user configuration set within the Firewall app.
Learn more about blocking countries using the Firewall app here.
IP block (user):
Requests from specific IP addresses that were blocked based on the user configuration set within the Firewall app.
Learn more about blocking IPs using the Firewall app here.
IP range block (/16):
A /16 IP range that was blocked based on the user configuration set within the Firewall app.
Learn more about blocking IPs using the Firewall app here.
IP range block (/24):
A /24 IP range that was blocked based on the user configuration set within the Firewall app.
Learn more about blocking IPs using the Firewall app here.
New CAPTCHA (user):
Challenge based on user configurations set for visitor’s IP in either the WAF or the Firewall app.
Learn more about challenging visitors using the WAF here.
Captcha error:
Requests made by a bot that failed to pass the challenge.
Note: A CAPTCHA page is a difficult to read word or set of numbers that only a human can translate. If entered incorrectly, the request is blocked.
Bot Request:
Request that came from a bot.
Unclassified:
Unclassified threats comprises a number of automatic blocks that are not related to the Browser Integrity Challenge (Bad Browser). These threats usually relate to Hotlink Protection, and other actions that happen on the edge based on the composition of the request (and not its content).
Unclassified means a number of conditions under which we group common threats related to Hotlink protection as well as certain cases of IP reputation and specific requests that are blocked at the Cloudflare edge before reaching your servers.