AWS Lambda requests blocked by Bot Fight Mode

Hi, we saw that Bot Fight Mode started blocking requests from GCP Cloud Run and AWS Lambda.
What is the recommended way when we need to make requests to an API hidden under Cloudflare? AWS has many IPs, so I think it’s not a good option to unblock all their IPs. Also, someone else would be allowed to run a real bot from this IP range.
Where should I start looking to solve this issue? For now, we have disabled Bot Fight Mode.

We have the same issue and all requests from Cloud Run were blocked. We disabled Bot Fight Mode as we did not find any solution for it.

Did you mean that previously with Bot Fight Mode on, the issue was not happening at that time?

According to how Bot Fight Mode works, it will challenge ASNs from major cloud providers such as AWS, GCP, Azure and DigitalOcean. So, the issue should already have been happening since the beginning.

Haven’t tried it yet, but does whitelisting user-agents not work either?

Yes. You only have one solution: turn off Bot Fight Mode.

Yes, but turning off Bot Fight Mode is a risky solution; there has to be an elegant way to solve this.

Yes - become an Enterprise customer and subscribe to the Bot Management add-on. But, not every customer has the budget.

Hope you can see the point why Cloudflare never allows Free/Pro/Business plan users to exclude certain traffic from Bot Fight Mode / Super Bot Fight Mode.

Yep, thanks

Had this same problem. Figured out a way to make this work with Bot Fight Mode on. On the Firewall tab, go to Tools and allow your ASN. Immediately started working for me.

I’m having this exact same problem. Can you show me how you configured your rule?

I did
(ip.geoip.asnum eq nnnnn)

(where nnnnn is the five-digit ASN redacted here) but it isn’t working.

That’s not Firewall → Tools. Yours looks more like a Firewall Rule.

That did it - thank you

