Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge
In some cases I want to keep bots off a page, but I don’t want to block or unduly inconvenience humans. A JavaScript challenge will display an interstitial page for about five seconds while Cloudflare performs a magical check to verify the visitor is human. Suspected bots will be served a Captcha.
1. Contact Page. I want to keep bots off my Contact page to reduce spam emails.
2. Strange Searches. Routinely inspecting my log file, I noticed a large number of strange search requests, for pages that do not exist, almost always from China IP addresses. I have no idea what they’re playing at.
(http.request.uri.path contains "/contact-kenny") or
(http.request.full_uri contains "/?s=" and not http.referer contains "wppov.com")
Then: JS Challenge
