Multiple Legitimate Website Tools Are Not Included as Verified Bots

What is the name of the domain?

https://www.phillyinjurylawyer.com

What is the error number?

403 Forbidden (status) 200 Error (schema.org)

What is the error message?

Forbidden

What is the issue you’re encountering

“Good” bots from reputable websites getting 403 errors

What steps have you taken to resolve the issue?

Set Security> Bots > Definitely automated to “Allow”

This appears to be the only way to resolve as some important ones e.g. schema.org, https://httpstatus.io etc are getting a 403 / 200 error when trying to access the site.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

Set Security> Bots > Definitely automated to “Block” or “Managed Challenge”

Screenshot of the error

Companies need to apply to have their bots verified: Verified Bots Policy · Cloudflare bot solutions docs

You can find a list of currently verified bots here: https://radar.cloudflare.com/traffic/verified-bots

For bots that you want to allow access to your site that aren’t on the list, you’d have to manually create bypass rules in the WAF.

2 Likes

The bot in question I would have thought would have been considered manually triggered (by me) rather than “Definitely Automated” and therefore blocked?

I use alot of web based tools. The two I mentioned are ones that were noticed in the past two days, I’m quite sure many other legitimate tools have been blocked as well over the past number of months (and a little worried that our rank has dropped considerably if other legitimate ones were blocked due to not filling out a form).

Surely the bigger recognized tools (schema. org for example) should be included automatically to at least a grey list where they are allowed unless otherwise blocked by the user, Cloudflare’s AI or reported as bad by a significant number of persons.

“A bot manager product allows good bots to access a web property while blocking bad bots. Cloudflare Bot Management uses machine learning and behavioral analysis of traffic across their entire network to detect bad bots while automatically and continually allowlisting good bots. Similar functionality is available for smaller organizations with Super Bot Fight Mode, now included in Cloudflare Pro and Business plans.”

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.