Adding Good Bots Firewall Rule In A Way That Blocks All Other Bots

Hello. Instead of updating my Block Bad Bots firewall rule list with new bots every now and then (maximum expression size is 4096), I was wondering if there’s a rule that only allows specified good bots and blocks all other bots just like the way you would set one IP address to access your WP-Admin area.


There is an option cf.client_bot which can be used in a Firewall Rule, and the list of “good” and “known” bots can be found at the link below → contains few examples, take a look:

Either use a Page Rule to set “Security Level: High” for WordPress admin area (correctly wp-login.php).
Enable the Browser Integrity Check option for your website.
Make sure your DNS records are proxied and set to :orange: .

Furthermore, you can block some user-agents, crawlers, etc., there are few I would recommend to add to your Firewall Rules , like the posted here:

Using Firewall → Tools → IP Access Rules you can block some know “bad” ASN:

In terms of securing your Website by using Cloudflare, there are multiple ways to achieve this, and there are some differences between the Plan you are using.

As far as I see you are using WordPress, kindly may I suggest below article as it cointains really good examples and external sources:

Therefore, some Firewall Tips are published here:

Using the search :search: :

May I suggest below article for more useful information:

What about these GitHub - SukkaW/cloudflare-block-bad-bot-ruleset: Block malicious crawlers with Cloudflare Firewall Rules and apache-ultimate-bad-bot-blocker/bad-user-agents.list at master · mitchellkrogza/apache-ultimate-bad-bot-blocker · GitHub

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.