Bot fight mode cannot be bypassed by firewall rules

Firewall allow rules seem to be ignored if the user is blocked by the Bot fight mode service. Even though blocked users are logged in the firewall events, showing the bot fight mode events and encouraging you to set up a firewall rule to modify access, I cannot write any rule that will successfully disable the bot fight mode even when they match my rule. There seems to be no documentation on this topic, but my best guess is the bot fight mode doesn’t even consult the firewall rules whatsoever, which is a huge oversight of the system if that is the case.


Can you post a screenshot of that? You can’t bypass Bot Fight Mode with any settings…yet.

OK, but that should be clearly documented, because it’s very frustrating to spend time debugging a firewall to fix something that cannot be fixed. There is currently no mention of that limitation anywhere, so only someone such as yourself, with insider knowledge, would ever know that.

A screenshot of what? A bot flight event? I suppose I could although it’s a little bit of an invasion of privacy. I’m not sure what it’s supposed to prove, though. Or did you want a screenshot of the “encouragement”? I refer to it that way because you can filter those events and then create a firewall rule based on that filter (which does nothing).

This bit me today too as I have agent rules in place for my apps to have unhindered access. Took a bit to figure out what was happening. This is a huge oversight in design, this bot fight mode needs to honor firewall rules.

I shut off this new service to get my apps working again.

We want to allow access to an API for selected customers who access it using curl or wget etc, while at the same time blocking the numerous malicious bots and scrapers that constantly attack our sites.

Activating bot fight mode blocks our customers, even if we whitelist their access using firewall rules.

I raised a support ticket for this bug and Cloudflare just fobbed me off and told me it wasn’t a bug. According to them there is nothing we can do about this except disable bot fight mode. Of course they also said if you pay an obscene amount and upgrade to an Enterprise plan then maybe they can help…


