Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/bot-management/api.md
1# Bot Management API2## Workers: BotManagement Interface4```typescript6interface BotManagement {7score: number; // 1-99 (Enterprise), 0 if not computed8verifiedBot: boolean; // Is verified bot9staticResource: boolean; // Serves static resource10ja3Hash: string; // JA3 fingerprint (Enterprise, HTTPS only)11ja4: string; // JA4 fingerprint (Enterprise, HTTPS only)12jsDetection?: {13passed: boolean; // Passed JS detection (if enabled)14};15detectionIds: number[]; // Heuristic detection IDs16corporateProxy?: boolean; // From corporate proxy (Enterprise)17}18// DEPRECATED: Use botManagement.score instead20// request.cf.clientTrustScore (legacy, duplicate of botManagement.score)21// Access via request.cf23import type { IncomingRequestCfProperties } from '@cloudflare/workers-types';24export default {26async fetch(request: Request): Promise<Response> {27const cf = request.cf as IncomingRequestCfProperties | undefined;28const botMgmt = cf?.botManagement;29if (!botMgmt) return fetch(request);31if (botMgmt.verifiedBot) return fetch(request); // Allow verified bots32if (botMgmt.score === 1) return new Response('Blocked', { status: 403 });33if (botMgmt.score < 30) return new Response('Challenge required', { status: 429 });34return fetch(request);36}37};38```39## WAF Fields Reference41```txt43# Score fields44cf.bot_management.score # 0-99 (0 = not computed)45cf.bot_management.verified_bot # boolean46cf.bot_management.static_resource # boolean47cf.bot_management.ja3_hash # string (Enterprise)48cf.bot_management.ja4 # string (Enterprise)49cf.bot_management.detection_ids # array50cf.bot_management.js_detection.passed # boolean51cf.bot_management.corporate_proxy # boolean (Enterprise)52cf.verified_bot_category # string53# Workers equivalent55request.cf.botManagement.score56request.cf.botManagement.verifiedBot57request.cf.botManagement.ja3Hash58request.cf.botManagement.ja459request.cf.botManagement.jsDetection.passed60request.cf.verifiedBotCategory61```62## JA4 Signals (Enterprise)64```typescript66import type { IncomingRequestCfProperties } from '@cloudflare/workers-types';67interface JA4Signals {69// Ratios (0.0-1.0)70heuristic_ratio_1h?: number; // Fraction flagged by heuristics71browser_ratio_1h?: number; // Fraction from real browsers72cache_ratio_1h?: number; // Fraction hitting cache73h2h3_ratio_1h?: number; // Fraction using HTTP/2 or HTTP/374// Ranks (relative position in distribution)75uas_rank_1h?: number; // User-Agent diversity rank76paths_rank_1h?: number; // Path diversity rank77reqs_rank_1h?: number; // Request volume rank78ips_rank_1h?: number; // IP diversity rank79// Quantiles (0.0-1.0, percentile in distribution)80reqs_quantile_1h?: number; // Request volume quantile81ips_quantile_1h?: number; // IP count quantile82}83export default {85async fetch(request: Request): Promise<Response> {86const cf = request.cf as IncomingRequestCfProperties | undefined;87const ja4Signals = cf?.ja4Signals as JA4Signals | undefined;88if (!ja4Signals) return fetch(request); // Not available for HTTP or Worker routing90// Check for anomalous behavior92// High heuristic_ratio or low browser_ratio = suspicious93const heuristicRatio = ja4Signals.heuristic_ratio_1h ?? 0;94const browserRatio = ja4Signals.browser_ratio_1h ?? 0;95if (heuristicRatio > 0.5 || browserRatio < 0.3) {97return new Response('Suspicious traffic', { status: 403 });98}99return fetch(request);101}102};103```104## Common Patterns106See [patterns.md](./patterns.md) for Workers examples: mobile app allowlisting, corporate proxy exemption, datacenter detection, conditional delay, and more.108## Bot Analytics110### Access Locations112- Dashboard: Security > Bots (old) or Security > Analytics > Bot analysis (new)113- GraphQL API for programmatic access114- Security Events & Security Analytics115- Logpush/Logpull116### Available Data118- **Enterprise BM**: Bot scores (1-99), bot score source, distribution119- **Pro/Business**: Bot groupings (automated, likely automated, likely human)120- Top attributes: IPs, paths, user agents, countries121- Detection sources: Heuristics, ML, AD, JSD122- Verified bot categories123### Time Ranges125- **Enterprise BM**: Up to 1 week at a time, 30 days history126- **Pro/Business**: Up to 72 hours at a time, 30 days history127- Real-time in most cases, adaptive sampling (1-10% depending on volume)128## Logpush Fields130```txt132BotScore # 1-99 or 0 if not computed133BotScoreSrc # Detection engine (ML, Heuristics, etc.)134BotTags # Classification tags135BotDetectionIDs # Heuristic detection IDs136```137**BotScoreSrc values:**139- `"Heuristics"` - Known fingerprint140- `"Machine Learning"` - ML model141- `"Anomaly Detection"` - Baseline anomaly142- `"JS Detection"` - JavaScript check143- `"Cloudflare Service"` - Zero Trust144- `"Not Computed"` - Score = 0145Access via Logpush (stream to cloud storage/SIEM), Logpull (API to fetch logs), or GraphQL API (query analytics data).147## Testing with Miniflare149Miniflare provides mock botManagement data for local development:151**Default values:**153- `score: 99` (human)154- `verifiedBot: false`155- `corporateProxy: false`156- `ja3Hash: "25b4882c2bcb50cd6b469ff28c596742"`157- `staticResource: false`158- `detectionIds: []`159**Override in tests:**161```typescript162import { getPlatformProxy } from 'wrangler';163const { cf, dispose } = await getPlatformProxy();165// cf.botManagement is frozen mock object166expect(cf.botManagement.score).toBe(99);167```168For custom test data, mock request.cf in your test setup.170