Detection IDs

Detection IDs are static rules used to detect predictable bot behavior with no overlap with human traffic. Detection IDs refer to the precise detection used to identify a bot, which could be from heuristics, verified bot detections, or anomaly detections. For example, a detection ID can identify if you sent your headers in a different order than what was expected of your browser.

If you are having an issue with one of our heuristics, detection IDs allow you to decide which heuristics to enforce on your zones using customer configurable heuristics. You can choose unique actions for different bots, detected through Cloudflare’s heuristics engine. You can block, allow, or serve alternate content to specific bots to meet the unique needs of your site’s traffic.

You can use cf.bot_management.detection_ids fields in tools such as:

Custom rules
Advanced Rate Limiting
Transform Rules
Workers (as request.cf.botManagement.detectionIds)

Bot Detection IDs and tags are also available in Bot Analytics and Security Analytics.

Detection tags

Detection tags refer to the category associated with the detection ID at the time that Cloudflare has fingerprinted a bot. For example, if a detection tag is go, this means that Cloudflare has observed traffic from that detection ID from a Go programming language bot.

Log in to the Cloudflare dashboard ↗, and select your account and domain.
Go to Security > Bots.
Apply filters and select Create custom rule to create a custom rule based on those filters.

Alternatively, if you already created a custom rule, go to Security > WAF > Custom rules and edit the expression of an existing custom rule.
Use the cf.bot_management.detection_ids field in the rule expression.
Select Save.

Log in to the Cloudflare dashboard ↗, and select your account and domain.
Go to Security > Analytics.
Apply filters and select Create custom security rule to create a custom rule based on your filters.

Alternatively, if you have already created a custom rule, you can go to the existing rule in Security > Security rules and edit the expression based on your filters.
Use the cf.bot_management.detection_ids field in the rule expression.
Select Deploy.

Use cases

Block requests that match a specific detection ID

any(cf.bot_management.detection_ids[*] eq 3355446)
and not cf.bot_management.verified_bot
and http.request.uri.path eq "/login"
and http.request.method eq "POST"

Run Bot Management without specific detection IDs

cf.bot_management.score lt 30
and not cf.bot_management.verified_bot
and http.request.uri.path eq "/login"
and http.request.method eq "POST"
and not any(cf.bot_management.detection_ids[*] in {3355446 12577893})

Bot Detection IDs via Logpush

You can create or edit existing Logpush jobs to include the Bot Detection IDs field which will provide an array of IDs for each request that has heuristics match on it. The BotDetectionIDs field is available as part of the HTTP Requests dataset and you can add it to new or existing jobs via the Logpush API or on the Cloudflare dashboard. This is the primary method to discover Detection IDs.

Dashboard
API

Log in to the Cloudflare dashboard ↗, and select your account and domain.
Go to Analytics & Logs > Logs.
Select Add Logpush Job.
Select HTTP Requests as the dataset.
Select BotDetectionIDs under the General data field category.
Select and enter the destination information.
Prove the ownership.
Select Save.

Update your logpush job by adding BotDetectionIDs to the output_options: parameters.

Availability

Detection IDs are available for Enterprise Bot Management customers.

Was this helpful?

Community
X
Discord
YouTube
GitHub