After your initial setup, you should plan on a calibration period during which you fine-tune your policies, tightening the ones which are too lax and easing those which are overly severe. In this tutorial, we'll take a look into how to review all denied visits to your site to find policies that might be too strict.

Go to the main page to view your site's visit history, and use the panel on the left to refine your search. Change the authorization to "deny" and click the Filter button. (Similarly, you can filter for "captcha" if you think too many people are being presented with CAPTCHA challenges or filter for "allow" if you want to see if a policy is too lax.)

visit filter form with authorization "deny" selected

The visits table now shows only visits that have been denied.

visits table showing only denied visits

Using this list, you can review denied visits and see if you think they should have been denied. If you are unsure why a visit was denied, the Status column lists the policy responsible for the denial. If you decide that the policy is too strict, you can click on the policy in the Status column to edit it. To add an exception to a policy for a fraction of the affected visitors, consider adding a higher priority policy that applies to certain users instead of directly modifying the policy in question.