A few years ago, I found myself under attack from a scraper bot that changed IPs each time I blocked it. I used the API to block this bot which I was able to detect by a signature, and within seconds it would change IP. Not sure how they did that, but I saw that their requests came from hosting companies and I decided to use the API to ban any ASNs used by the bot, as my site is aimed at real users not bots. My custom 403 page invites blocked human users to get in touch, which occasionally someone does (nearly always VPN users) and I have never looked back or seriously felt I was missing legitimate traffic.
Blocking hundreds of ASNs was the nuclear option and I went for it. Now, I see there is Bot Fight Mode.
My question is, given that my Firewall security level was already set to Medium and plenty of bots were getting through, how different will Bot Fight Mode really be? And, if I decide to try it, can I temporarily disable my hundreds of ASN rules without losing them?
Any comments are welcome! Thanks!