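Configuring Cloudflare WAF to Protect a Website

Configure Cloudflare WAF rules and rate limiting to protect a website from malicious traffic and malicious crawlers.

WAF rules

Allow

Choose the Skip action and tick "All remaining custom rules"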

(cf.client.bot) or (http.user_agent contains "duckduckgo") or (http.user_agent contains "facebookexternalhit") or (http.user_agent contains "Feedfetcher-Google") or (http.user_agent contains "LinkedInBot") or (http.user_agent contains "Mediapartners-Google") or (http.user_agent contains "msnbot") or (http.user_agent contains "Slackbot") or (http.user_agent contains "TwitterBot") or (http.user_agent contains "ia_archive") or (http.user_agent contains "yahoo") or (http.user_agent contains "bingbot") or (http.user_agent contains "YaBrowser") or (http.user_agent contains "letsencrypt") or (http.user_agent contains "Google-Display-Ads") or (http.user_agent contains "GoogleAdSenseInfeed") or (http.user_agent contains "Googlebot") or (http.user_agent contains "Baiduspider")

Block malicious traffic

Choose the Managed Challenge action

(cf.threat_score ge 10 and not cf.client.bot) or (not http.request.version in {"HTTP/1.2" "HTTP/2" "HTTP/3" "SPDY/3.1"} and cf.threat_score ge 10) or (not http.user_agent contains "Mozilla/")

Block suspicious traffic

Choose the JS Challenge action

(not http.request.version in {"HTTP/1.2" "HTTP/2" "HTTP/3" "SPDY/3.1"}) or (cf.threat_score ge 4 and not cf.client.bot)
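
To see which action each kind of request ends up with, the three expressions above can be modelled as Python predicates. This is an added example, not part of the original page and not Cloudflare code; the dict keys, the sample requests and the first-match rule ordering are assumptions made for illustration.

```python
# Added illustration: a Python model of the three custom-rule expressions above.
# Dict keys are hypothetical stand-ins for Cloudflare fields; requests are constructed.
SKIP_UA = ["duckduckgo", "facebookexternalhit", "Feedfetcher-Google", "LinkedInBot",
           "Mediapartners-Google", "msnbot", "Slackbot", "TwitterBot", "ia_archive",
           "yahoo", "bingbot", "YaBrowser", "letsencrypt", "Google-Display-Ads",
           "GoogleAdSenseInfeed", "Googlebot", "Baiduspider"]
LISTED_VERSIONS = {"HTTP/1.2", "HTTP/2", "HTTP/3", "SPDY/3.1"}

def skip_rule(r):
    # `contains` is a case-sensitive substring match, like Python's `in`
    return r["bot"] or any(s in r["ua"] for s in SKIP_UA)

def managed_challenge_rule(r):
    return ((r["score"] >= 10 and not r["bot"])
            or (r["version"] not in LISTED_VERSIONS and r["score"] >= 10)
            or "Mozilla/" not in r["ua"])

def js_challenge_rule(r):
    return (r["version"] not in LISTED_VERSIONS
            or (r["score"] >= 4 and not r["bot"]))

# Assumption: rules run in the order the page lists them; the first match decides.
RULES = [("skip", skip_rule),
         ("managed_challenge", managed_challenge_rule),
         ("js_challenge", js_challenge_rule)]

def evaluate(r):
    for action, rule in RULES:
        if rule(r):
            return action
    return "no_rule_matched"

BROWSER = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
SAMPLES = {  # constructed requests
    "browser_http2": dict(ua=BROWSER, version="HTTP/2", score=0, bot=False),
    "browser_http11": dict(ua=BROWSER, version="HTTP/1.1", score=0, bot=False),
    "cli_client": dict(ua="curl/8.5.0", version="HTTP/2", score=0, bot=False),
    "score_12": dict(ua=BROWSER, version="HTTP/2", score=12, bot=False),
    "score_5": dict(ua=BROWSER, version="HTTP/2", score=5, bot=False),
    "verified_bot": dict(ua="Mozilla/5.0 (compatible; Googlebot/2.1)",
                         version="HTTP/1.1", score=0, bot=True),
    "ua_text_only": dict(ua="Mozilla/5.0 (compatible; bingbot/2.0)",
                         version="HTTP/1.1", score=0, bot=False),
}

def classify_samples():
    return {name: evaluate(r) for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{name:15} -> {action}")
```

In this model an ordinary browser on HTTP/1.1 receives the JS challenge, because the version set in the expressions does not list HTTP/1.1, and the skip rule matches on User-Agent text even when cf.client.bot is false. Review both outcomes against your own traffic before deploying the rules.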

Rate limiting rules

Set the incoming request match to

(http.request.uri.path contains "/")

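Set the number of requests per 10 seconds according to your site's traffic; in most cases 120 is enough

Default settings

Security Level

Set to

Challenge Passage

Recommended setting: 45 minutes (adjust as needed)

Browser Integrity Check

Set to On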