Can Googlebot pass JS and Captcha challenge? If not, how to whitelist Google for ever?

firewall
#1

Hello,

assumed I set a firewall rule showing a captcha to all IPs.

Question 1. Can Googlebot pass the JS Challenge?

Question 2. Can Googlebot pass the reCaptcha challenge?

Question 3. How can I allow going through for Googlebot for ever, but block/show captches for all others? Whereas such setup is exaggerating, I would like to understand whether it is possible at all.

In addition it can be useful making such settings for a short time, if you are under heavy DDOS attack, but would not like to lose your good Google rating.

Thanks a lot in advance!

#2

#1 and #2, no.

#3, check out cf.client.bot, though keep in mind this will apply to all recognised crawlers, not only Google.

#3

This is even better to have another crawlers as well!

But I wonder how the cf.client.bot works?

Is it user agent based or some intelligent rules (IP addresses, etc) behind it?

The user agent can be easily spoofed what actually botnets do.

It would be great if cf.client.bot works reliable.

Do you have an idea how does it work?

Many thanks in advance!

#4

Cloudflare’s support would need to elaborate on the exact details, but it presumably is a combination of IP blocks and requests headers (e.g. user agent).