Skip to content

[Use Cases] Solution guide: Stop malicious bots while allowing legitimate traffic#29531

Draft
codyanthony850 wants to merge 47 commits intoproductionfrom
canthony/stop-malicious-bots-guide
Draft

[Use Cases] Solution guide: Stop malicious bots while allowing legitimate traffic#29531
codyanthony850 wants to merge 47 commits intoproductionfrom
canthony/stop-malicious-bots-guide

Conversation

@codyanthony850
Copy link
Copy Markdown
Contributor

@codyanthony850 codyanthony850 commented Apr 1, 2026

First solution guide for the use-cases section. Covers layered bot defense using Cloudflare tools: Bot Fight Mode, Turnstile, WAF custom rules, rate limiting, and bot score rules.

  • New file: src/content/docs/use-cases/application-security/stop-malicious-bots.mdx
  • Nests under Daniel's application-security/ category structure from Add new use cases documentation #29162
  • Core workflow uses Free and Pro plan features, with callouts for higher tiers
  • Follows solution guide content type conventions: goal-first framing, workflow stages, plan tier callouts
  • Inline procedures will be refactored to partials before merge (tracked in PCX-21341)

Related: PCX-21341

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 1, 2026
edited
Loading

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
* @cloudflare/pcx-technical-writing
/src/content/docs/bots/ @patriciasantaana, @cloudflare/pcx-technical-writing
/src/content/docs/turnstile/ @migueldemoura, @punkeel, @patriciasantaana, @cloudflare/pcx-technical-writing
/src/content/docs/waf/ @pedrosousa, @cloudflare/firewall, @cloudflare/pcx-technical-writing

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 1, 2026
edited
Loading

Preview URL: https://009a52af.preview.developers.cloudflare.com
Preview Branch URL: https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/use-cases/application-security/bots/stop-malicious-bots/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/use-cases/application-security/bots/stop-malicious-bots/
https://developers.cloudflare.com/use-cases/application-security/bots/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/use-cases/application-security/bots/
https://developers.cloudflare.com/use-cases/application-security/bots/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/use-cases/application-security/bots/
https://developers.cloudflare.com/waf/custom-rules/use-cases/challenge-bad-bots/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/waf/custom-rules/use-cases/challenge-bad-bots/
https://developers.cloudflare.com/bots/get-started/bot-fight-mode/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/bots/get-started/bot-fight-mode/
https://developers.cloudflare.com/turnstile/get-started/widget-management/dashboard/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/turnstile/get-started/widget-management/dashboard/
https://developers.cloudflare.com/waf/custom-rules/create-dashboard/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/waf/custom-rules/create-dashboard/
https://developers.cloudflare.com/use-cases/application-security/block-attacks/ https://canthony-stop-malicious-bots-guide.preview.developers.cloudflare.com/use-cases/application-security/block-attacks/

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 3, 2026

This PR requires additional review attention because it affects the following areas:

Redirects

This PR changes current filenames or deletes current files. Make sure you have redirects set up to cover the following paths:

  • /use-cases/application-security/bots/

@codyanthony850
[Use Cases] Extract partials for BFM, custom rules, and Security Even…
bf7f932 
…ts nav

Created 3 partials to share procedures between product docs and solution guide:
- partials/bots/enable-bfm.mdx (Bot Fight Mode enable steps)
- partials/waf/create-custom-rule-nav.mdx (custom rule dashboard nav)
- partials/waf/security-events-nav.mdx (Security Events dashboard nav)

Updated source pages and solution guide to use Render.
@codyanthony850
[Use Cases] Parameterize create-rule-nav partial for reuse across rul…
c4e3b88 
…e types
@codyanthony850
[Use Cases] Remove create-rule-nav partial — below 3-step threshold, …
c87fdbb 
…no second consumer
@codyanthony850
[Use Cases] Remove security-events-nav partial — below 3-step threshold
9e79f4f
@codyanthony850
[Use Cases] Fix Turnstile steps to match source, fix broken Security …
3f108e9 
…Events formatting
@codyanthony850
[Use Cases] Extract Turnstile widget creation partial, add procedure …
47d9267 
…evaluation rule to skill
@codyanthony850
[Use Cases] Extract bot score baseline rules partial, add bot analyti…
fd7f357 
…cs tabs
@codyanthony850
[Use Cases] Add contextual explanations to bot score baseline rules p…
da0fc6c 
…artial
@codyanthony850
[Use Cases] Add consumer comments to partials for dependency tracking
837aa61
@codyanthony850
[Use Cases] Fix plan tier accuracy: Bot Analytics is Business+, bot s…
e4bed94 
…core is Enterprise-only, separate score 1 from 2-29 categories
@codyanthony850
[Use Cases] Fix Turnstile partial formatting (collapsed steps) and es…
73e64f2 
…caped comment characters
@codyanthony850
[Use Cases] Fix escaped asterisks in MDX comments — Write tool escape…
aa1438a 
…s {/* */} in MDX files
@codyanthony850
[Use Cases] Remove (guide) label — no longer needed with nested struc…
e6b5dc9 
…ture
@codyanthony850
[Use Cases] Restructure: expectations before action, form protection …
8614f9c 
…tools before procedures, form rate limiting in forms section
@codyanthony850
[Use Cases] Fix config guidance: Log-first on form rate limiting, exc…
75c72e7 
…eption before enforcement on custom rules
@codyanthony850
[Use Cases] Simplify intro — cut generic opener, lead with reader's d…
3d9defc 
…ecision
@codyanthony850
[Use Cases] Tighten H2 intros — cut justifications, keep to 1-2 sente…
1d9d5fd 
…nces
@codyanthony850
[Use Cases] Fix H3 intros — remove justifications, redundancies, repe…
4aaad15 
…ated context
@codyanthony850
[Use Cases] Restore Turnstile UX detail — no puzzles, invisible in Ma…
2e3c9ca 
…naged mode
@codyanthony850
[Use Cases] Move Turnstile UX detail to comparison section where read…
c9f71e6 
…er is deciding
@codyanthony850
[Use Cases] Remove jargon (heuristics), fix em dash in bot categories
02c379e
@codyanthony850
[Use Cases] Replace inline prose em dashes with commas/parentheses
274b411
@codyanthony850
[Use Cases] Replace tools with products when referring to Cloudflare …
bda3f62 
…offerings
@codyanthony850
[Use Cases] Fix Turnstile/rate limiting — avoid calling a feature a p…
fc72ae3 
…roduct
@codyanthony850
[Use Cases] Link products and features on first mention — provides pr…
656df7f 
…oduct context via URL
@codyanthony850
[Use Cases] Name products in intro, prefix features with product name…
d98d37f 
…, group related resources by product
@codyanthony850
[Use Cases] Add WAF prefix to Security Events on first mention in Ver…
020d3c8 
…ify section
@codyanthony850
[Use Cases] Link products and features on first mention per section —…
9ada760 
… Bot analytics, Bot Management, BFM, SBFM in Verify
@codyanthony850
[Use Cases] Spell out WAF on first mention in page intro
8347116
@codyanthony850
[Use Cases] Add WAF to comparison heading — both sides need equal con…
6accd26 
…text
@codyanthony850
[Use Cases] Add product prefix to all feature headings — WAF custom r…
0cd576d 
…ules, rate limiting, Security Events
@codyanthony850
[Use Cases] Add WAF prefix to H2 heading — Target bot patterns with W…
dd97de3 
…AF custom rules
@codyanthony850
[Use Cases] Add WAF prefix to meta description for product context an…
dbf8001 
…d SEO
@codyanthony850
[Use Cases] Fix WAF naming — long form first, abbreviation in parenth…
f68e7c8 
…eses
@codyanthony850
[Use Cases] Add domain selection context — settings are per-domain, s…
e5c61c0 
…elect domain first
@codyanthony850
[Use Cases] Fix Free plan path for security events — Security > Analy…
94be457 
…tics > Events tab
@codyanthony850
[Use Cases] Add Turnstile nav path — account-level under Application …
51c8b20 
…security
@codyanthony850
[Use Cases] Fix scope — most settings per domain, Turnstile at accoun…
fd65dbf 
…t level
@codyanthony850
[Use Cases] Remove exception preview from intro — Turnstile section h…
9cd3643 
…andles itself
@codyanthony850
[Use Cases] Fix dashboard paths, style issues, and outcome-oriented h…
ec2b9b4 
…eadings
@codyanthony850
[Use Cases] Move plan callouts before gated content, cut promotional …
c747b76 
…Turnstile callout, fix outcome-oriented headings
@codyanthony850
[Use Cases] Complete custom rule creation workflow with verified UI s…
009a52a 
…teps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pedrosousa pedrosousa pedrosousa left review comments

@migueldemoura migueldemoura Awaiting requested review from migueldemoura migueldemoura will be requested when the pull request is marked ready for review migueldemoura is a code owner

@punkeel punkeel Awaiting requested review from punkeel punkeel will be requested when the pull request is marked ready for review punkeel is a code owner

@patriciasantaana patriciasantaana Awaiting requested review from patriciasantaana patriciasantaana will be requested when the pull request is marked ready for review patriciasantaana is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

product:use-cases size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codyanthony850 @pedrosousa