AWS Lambda requests blocked by Bot Fight Mode

arvindtiwari · August 20, 2021, 10:00am

Hi, we saw that Bot Fight Mode started blocking requests from GCP Cloud Run and AWS Lambda.
What is recommended way when we need to do requests to API hidden under Cloudflare? AWS has many IPs, so I think it’s not a good option to unblock all their IPs. Also, someone else would be allowed to run a real bot from this ip range.
Where should I start looking to solve this issue? For now, we have disabled Bot Fight Mode.

Reposting from another post [GCP Cloud Run and AWS Lambda requests blocked by Bot Fight Mode]

THANKS IN ADVANCE FOR ANY SUGGESTIONS

l.byjos · August 20, 2021, 2:00pm

We have the same issue and all requests from CloudRun were blocked. We disabled Bot Fight Mode as we did not found any solution for it

erictung · August 20, 2021, 2:07pm

Did you mean that previously with Bot Fight Mode on, the issue was not happening at that time?

According to how Bot Fight Mode works, it will challenge ASNs from major cloud providers such as AWS, GCP, Azure and DigitalOcean. So, the issue should already happening since the beginning.

nanankcornering · August 20, 2021, 2:46pm

haven’t treid it yet, but does whitelisting user-agents doesn’t work too?

erictung · August 20, 2021, 2:50pm

Yes. You only have one solution: turn off Bot Fight Mode.

arvindtiwari · August 20, 2021, 3:01pm

Yes, but turning off Bot Fight Mode is a risky solution; there has to be an elegant way to solve this

erictung · August 20, 2021, 3:11pm

Yes - become an Enterprise customer and subscribe Bot Management add-on. But, not every customer has the budget.

Hope you can see the point why Cloudflare never give Free/Pro/Business plan users to exclude certain traffic from Bot Fight Mode / Super Bot Fight Mode.

arvindtiwari · August 20, 2021, 5:11pm

yep, thanks

scott76 · September 3, 2021, 5:02pm

Had this same problem. Figured out a way to make this work with Bot Fight Mode on. On Firewall tab, go to Tools and allow your ASN. Immediately started working for me.

user231 · November 14, 2021, 9:59pm

I’m having this exact same problem. Can you show me how you configured your rule?

I did
(ip.geoip.asnum eq nnnnn)

(where nnnnn is the five digit ASN redacted here) but it isn’t working.

sdayman · November 14, 2021, 10:13pm

That’s not Firewall → Tools. Yours looks more like a Firewall Rule.

user231 · November 15, 2021, 12:17am

That did it - thank you

system · November 18, 2021, 12:17am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GCP Cloud Run and AWS Lambda requests blocked by Bot Fight Mode DNS & Network	1	2257	July 24, 2021
Whitelisting IPs that are blocked by Super Fight Mode Security	2	2715	April 30, 2021
Bot Fight Mode and Route entire http through cloudflare Security	1	547	November 9, 2023
Bot Fight Mode blocks Cloudflare's own Observatory scan Security	1	843	August 19, 2023
The Never-Ending Nightmare of Bot Fight Mode blocking legitimate APIs Security	2	3779	October 12, 2022

AWS Lambda requests blocked by Bot Fight Mode

Related topics