Cloudflare Docs
Firewall
Cloudflare Docs
Firewall Rules
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Firewall Rules on GitHub
Set theme to dark (⇧+D)

Block requests based on IP reputation

A powerful feature of firewall rules is its support for Cloudflare’s IP reputation score. To block requests based on IP reputation, use the cf.threat_score field, which can contain a score from 0 to 100. Reputation scores are collected from Project Honeypot.

This example blocks requests based on country code ( ISO 3166-1 Alpha 2 format), from IP addresses that score greater than 0. This is equivalent to setting the Security Level in Security > Settings to High. For more, refer to Understanding the Cloudflare Security Level.

ExpressionAction
(ip.geoip.country in {"CN" "TW" "US" "GB"}) or cf.threat_score > 0Block