How to whitelist my own bot

Our website is getting a massive amount of bot traffic which is overwhelming the backend server.
So I recently enabled “Super Bot Fight Mode”, to issue a managed challenge to “Definitely Automated” traffic.

But I now want to run my own bots against the site, to do things like latency measurement, and detecting and removing cached wordpress admin toolbars.
Is there any way I can bypass bot-fight mode for my bots - something like adding a header containing a secret generated for my site?

Greetings,

Thank you for asking.

I’d suggest you to whitelist the origin host/web server IP at Cloudflare → Security → WAF → Tools → IP Access Rules with the action “allow” for your Website.

Should look like on the below screenshot as an example:

Furthermore, if you’d like to have your bot being added to a verified bot list, kindly see more information about it below in case if you run a “Good bot” and want Cloudflare to verify/whitelist it:

See here the list of the curretly added:

If so, then below Form could help you:

Are you having an issue here?
If so, may I ask if you are using custom Page Rules with Cache Level: Cache Everything? :thinking:

1 Like

Hi Fritex,
Thanks for your very informative reply…

I’d suggest you to whitelist the origin host/web server IP a

done. It works. Thanks!

Furthermore, if you’d like to have your bot being added to a verified bot list

done. Although now that whitelisting works, how do I cancel my verified bot request?

detecting and removing cached wordpress admin toolbars
Are you having an issue here?
If so, may I ask if you are using custom Page Rules with Cache Level: Cache Everything?

Yes.
Should I remove these rules? Because I do need the wordpress pages to be served from the CF cache. My main site is on the Business plan. But the smaller ones are on the free tier.
The main site does use the Wordpress plugin + APO. But it is not clear from the documentation what APO actually does, and whether it caches as aggressively as we need.(We basically need to cache everything on the site, and only invalidate a cached page when it is edited).
It would be helpful if we could examine the page rules that APO creates.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.