AASA-Bot/1.0.0 & Other known good bots are denied by Super Bot Fight Mode


Recently noticed my app deep links are no longer working and viewing the WAF events I can see that everything with AASA-Bot/1.0.0 is being blocked. Also had a report from our marketing team that Google ads bots are not able to access the site correctly.

How can I add an exception for this bot? It isn’t possible to allow specific UAs over the bot fight mode? Can this be added to the list of known good bots? It seems to be lacking some very essential bots by major vendors.

From the docs
Currently, you cannot bypass Bot Fight Mode or Super Bot Fight Mode. For more information on these products, refer to Cloudflare bot solutions.

If you need bots to access your site, then you probably want to have Super Bot Fight Mode off. It is extremely aggressive at stopping bots and should only be used when you are under attack from bots.

1 Like

Thanks makes sense. Very frustrating lack of granularity for this feature since basically within one day of turning off the feature I usually see malicious traffic increase.

Is there anyway to maybe leverage a worker for this? Not sure which layer this level of security is enabled. My basic logic is that any security or firewall rules fire before a worker executes but since in the short term I just need some JSON for apple available.

Or is there some WAF rule I can set up that says block bots, either from a list or based on a score some metric, unless the URL is the well known association files?

Not really, the good news is that Cloudflare is aware of the issue and seems to have a fix planned for 2023. Probably Q1 or Q2.

Until then, I’d keep the feature disabled.

1 Like

Is there a post to this? That’s really good news.

Probably this:

1 Like

Is there a post to this? That’s really good news.

We are working on that functionality now. Probably Q1 or Q2 is accurate :slight_smile:

That said, this is a bot we should be recognizing as a verified bot and we have been recognizing it in the past! It looks like Apple’s no longer using the method we were relying on.

I’m reaching out to the appropriate team at Apple to find a solution.


In 2023, we will give everyone the ability to write their own flexible Bot Fight Mode rules, so that every Cloudflare customer can join the fight against bots!


Awesome, I missed this one. Thanks for the reply. This is fantastic news. We can finally start using bot fight mode if this works out. Bot scrapers may be worried in 2023 now.

1 Like

Was there ever a response from the Apple team? Thanks

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.