Search code examples
cloudflare

How to block bots in cloudflare?

How to block all bots except Google bot. I am using Cloudflare but I am confused, how to do.

I want all bots except these face Cloudflare JS Challenge. Screenshot will be helpful. And also, do the users/visitors will face JS Challenge.

Solution

  • Currently there is no easy way to block all bots using Cloudflare (I can say that after a lot of research and many useless chats with their support).

    At the moment Cloudflare can only:

    • block malicious bots that perform attacks detected by WAF rules (e.g. SQL injections)
    • block malicious bots that performed attacks or sent spam in the past (based on their IP reputation)
    • block malicious bots that are part of a DDoS attack
    • rate limit bots and users using the rate limiting feature
    • detect and whitelist safe / known bots (cf.client.bot) like Google

    There is also an interesting feature called Bot Management, which is available only for Enterprise customers ($2k/mo). That feature provides a bot score, based on the actual behavior of the client (similarly to reCAPTCHA v3). The score (and other related features) should make it easier to block most bots at firewall level.