Just wanna note that the domain owner is the one who elected to use that level of security check, though TBF CF doesn’t make it very granular (and why enterprises tend to use their own WAFs)
Edit: for the record I don’t at all judge. Web has rampant bit activity these days and it’s a lot even for a large team.
Slash there are other settings in CF that could affect the behavior so it could be something else. Sae a comment that it was login-aware which makes me think it’s more than just the security levels
there are quite a few ways to use more granular targeting. for example, we have specific url patterns that get challenged if certain headers have certain values and are missing others, while other urls won’t get challenged.
Just wanna note that the domain owner is the one who elected to use that level of security check, though TBF CF doesn’t make it very granular (and why enterprises tend to use their own WAFs)
https://duckduckgo.com/?q=cloudflare+security+levels&ia=images&iax=images&iai=https%3A%2F%2Fmediafortress.com.au%2Fwp-content%2Fuploads%2F2022%2F08%2FCloudflare-security-level.gif
Edit: for the record I don’t at all judge. Web has rampant bit activity these days and it’s a lot even for a large team.
Slash there are other settings in CF that could affect the behavior so it could be something else. Sae a comment that it was login-aware which makes me think it’s more than just the security levels
there are quite a few ways to use more granular targeting. for example, we have specific url patterns that get challenged if certain headers have certain values and are missing others, while other urls won’t get challenged.