I’ve been thinking about testing the new Super Bot Fight Mode that CloudFlare launched a few days ago: Introducing Super Bot Fight Mode
However, there doesn’t seem to be any documentation available about this.
I have a few questions. Anyone else with questions, feel free to chip in on this thread and hopefully we can get them answered by someone from CloudFlare.
- What does “Challenge” mean in the settings? Screenshot by Lightshot
Usually it is possible to choose either “Challenge” or “JS Challenge” and the difference between these is massive when it comes to user experience in case of false positives. One is acceptable, the other a deal-breaker if it ends up challenging too many real users.
- Is it possible to whitelist IPs, ASNs or user agents to let them get past the bot fight mode?
There have been some reports of good bots being blocked, and requests used to trigger CRON jobs being blocked as well. These not working can really hurt a website.
I think this is a very exciting feature, but blocking and challenging requests can have devastating consequences for a site if something goes wrong. So more information is needed about what this does.