Security Level
Cloudflare’s Security Level (deprecated) uses the threat score to decide whether to present a challenge to the visitor. Once the visitor enters the correct challenge, they receive the appropriate website resources.
Threat score
The threat score (deprecated) measures IP reputation across Cloudflare services. This score is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from our WAF managed rules and DDoS.
The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
Security levels
Security levels (deprecated) are based on the threat score, except Off and I’m Under Attack!. Adjust the security level to challenge incoming requests based on the threat they pose.
The available security levels are the following:
Security Level | Threat score range | Description |
---|---|---|
Off | N/A | Does not challenge IP addresses. |
I’m Under Attack! | N/A | Only for use if your website is currently under a DDoS attack. This mode may affect some actions on your domain, such as your API traffic. |
Essentially off (deprecated) | 50–100 | Only challenges IP addresses with the worst reputation. |
Low (deprecated) | 25–100 | Challenges only threatening visitors. |
Medium (deprecated) | 15–100 | Challenges both threatening and moderately threatening visitors. |
High (deprecated) | 0–100 | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
Higher security level values mean that even requests with a lower risk (that is, with a low threat score) will be challenged. Lower security level values mean that only requests posing a higher risk (that is, with a high threat score) will be challenged.
Security levels from Essentially off to High will challenge the visitor using a Managed Challenge. When you select I’m Under Attack!, which enables I’m Under Attack mode, Cloudflare will present a JS challenge page.
To set a custom security level for your API or any other part of your domain, create a configuration rule.
Update globally
To turn on or off I’m Under Attack mode for your entire zone:
- Log in to the Cloudflare dashboard, and select your account and zone.
- Go to Security > Settings.
- For I’m under attack mode, switch the toggle to On or Off.
Update selectively
To set the security level selectively, do one of the following:
- Configure it via a configuration rule.
- Use the
cf.threat_score
field in an expression (you must use the Expression Editor for this purpose).