Greetings. I have JavaScript that is used by a number of my client’s websites (a service we offer) that calls several of our web service endpoints once the script is loaded on the clients site and downloaded form the browser. I would like to prevent bots from being able to download the JavaScript file or access anything from the end-points the script calls, as these bots appear be screwing with various analytics we track on these endpoints. Both JavaScript and Web Services live under different subdomains from our main website (so technically these resources can be blocked entirely at the subdomain level).
Is this possible and how can I do this? Thank you for your help!
You could try to block some of the know user-agents, bots, or combine multiple different things manually or automatically, or both, depending a bit on your plan type for your zone/domain name
Nevertheless, I am afraid we cannot always get rid of the “bad” bots, but at most cases a good portion of them we can achieve.
Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:
My advice would be to ask your customers to setup any bot protection on their websites as thats where the issue (likely) comes from.
All analytics vendors have this issue where bots will add bias to the end result, however, that’s something the customer should fight as the vendor has a very limited window to fight bots from loading their analytics.
You could add some bot protection on the JS that’s being loaded but its an incredibly challenging task that requires a ton of maintenance and generally will never be as good as any existing vendor in the market.
