Enhanced Captcha Customization

Ability to customize signals used to calculate “risky” login for captcha

We would like the ability to use additional metrics/request metadata (e.g. country or hosting provider a request is originating from, or a custom header) to customize the logic that determines when a captcha is shown. The existing bot detection level from low → high is not sufficient for our needs.

We are in need of fine grained controls over when to present captcha in order to mitigate and address potential attacks on our site. The existing low-> high slider does not provide us with the ability to block known bad actors the way we can in Cloudflare or our other tools and we want all of our logic that deals with this blocking to be in one place rather than split across multiple providers and services.

Happy to provide additional specifics and clarification based on what we have seen so far and what we are doing if that is helpful!