top | item 44449648

(no title)

AkshatM | 8 months ago

Joe will be fine. Cloudflare is pretty good at differentiating humans from bot traffic - see how we do it here: https://developers.cloudflare.com/turnstile/

The idea behind the headers is to allow bots to bypass automatic bot filtering, not blockade all regular traffic. In other words:

- we block bots (the website owner can configure how aggressively we block) - unless they say they're from an AI crawler we've vetted, as attested by the signature headers - in which case we let them pay - and then they get to access the content

(Disclosure: I wrote the web bot auth implementation Cloudflare uses for pay per crawl)

discuss

xg15|8 months ago

Thanks for replying! Do you have some provision for false positives as well, like sending a captcha in the body of the 402 response? (So in case the client was a human and not a bot, they could still try to solve the captcha)

grg0|8 months ago

Ok, well, thanks for the clarification.