Questions About Cloudflare Super Bot Fight Mode

You caught me. Yes. Yes I do.

This new feature is ~= 2 weeks old. The product team has been actively soliciting feedback and making changes and improvements. I’ll absolutely pass on your thoughts.

5 Likes

Don’t roll 2 week old features out to paying customers. If you want to be a smartass to paying customers, you also nailed that. Nothing chaps my ■■■ more than a paid employee of a company getting an attitude from someone when they hear something they don’t like.

You just admitted you rolled a 2 week old feature out to paying customers that is harming websites and you want to get an attitude with me? It was a legitimate question. Nothing about this feature being rolled out the way it was make sense. It is flooring.

1 Like

Woohoo - Homer Simpson

I’ve filed dozens of feature requests, logged hundreds of hours of discussions with product managers and developers based on feedback (some positive, some quite negative) about Cloudflare features and functionality. I think there is tons of room for improvement in the Super Bot Fight Mode feature and a number of other offerings that Cloudflare could offer its paid plans to combat bots and other unwanted traffic.

I actually explicitly asked you for feedback because you didn’t like the answer from support. Based on your feedback though it sounds like support got it right. Is that not correct?

I appreciate you don’t like the new feature as it exists today. I didn’t "admit "to rolling out a 2 week old feature however. The product was announced 2 weeks ago. The day it was announced it was a 1 day old feature. It’s now been ~ 2 weeks since the blog post.

Actually it blocked several. We did give customer a level of control… that is described in the support response. We are working to provide more / different controls. It may be that as we continue to iterate on the feature it never meets your specific needs and use case. That would be unfortunate but not all features Cloudflare offers are appropriate for all customers.

1 Like

A couple of which were really unfortunate. I am extremely hopeful that the development team will quickly release a fix for at least one of those (health checks) and include some additional unit tests to ensure that one doesn’t come back in some fashion as additional functionality is released.

1 Like

Hopefully your development team has better quality control in the future because this is awful. Your support gave me options. Pay thousands of dollars a month to prevent the feature from blocking legitimate traffic or disable it. Thanks for rolling that out to us little guys at the bottom who pay for Cloudflare.

Yes and as you stated while these aren’t the best options in a perfect world they are the only available options today.

In general Matthew our CEO has pushed consistently for enterprise grade features to be pushed down the stack as far as we can. I appreciate that you aren’t happy with the quality of this release/ feature today and I have indeed passed on that feedback as I said I would. If we got every feature perfect 100% of the time we’d be doing it wrong, sometimes we’re more right than others… clearly for you and your use case this falls into the ‘than others’ category. Hopefully as we improve the products you’ll find it valuable or a different feature set we offer will offset it.

‘The little guys’ are forefront in so much of what I work on day to day that I’m sad that customers think otherwise. In the Teams product there is very little in terms of functionality that is Enterprise only today and the documentation team has been working to make the associated documentation understandable to a prosumer wherever possible.

2 Likes

We will see what happens then. I’ve covered all my complaints and you have listened and relayed them. Thank you.

2 Likes

Just an idea, but it might be wise to have a “Beta” mode where the users can opt whether to participate in early features that might involve risks such as the ones seen in super bot fight mode.

I know there are signup phases, but as far as I know, those are manually approved and Enterprise customers always have priority, this beta mode would allow the usage of those riskier features only after the user acknowledges that they are still new and subject to have unexpected behaviors/issues.

1 Like

Hi Chris,

In general Matthew our CEO has pushed consistently for enterprise grade features to be pushed down the stack as far as we can.

As a feedback to that, it would be amazing to have BFM as a part of firewall functionality for payed accounts, not just enterprise.

1 Like

Again, a really quick temporary workaround until engineers figure out how to make BFM and SBFM not break non-enterprise level customer’s sites would be some relatively simple disclaimer text near the toggle(s) to turn them on.

1 Like

Yeah, Super Bot Fight Mode (SBFM) can definitely use many improvements. And it all needs to happen fast!

Here’s what we submitted to Cloudflare Support (via tickets) with no action so far: (we always get the “great idea” answer, but nothing happens)

(1) SBFM does not provide a universal on-off switch. The only way to turn off this feature is to change each related sub-menu bot item.

Click here for details: Screenshot by Lightshot

(2) We purchased Cloudflare’s Pro Plan via SiteGround. Unfortunately, we cannot change the default settings for SBFM in this case. They are FROZEN!

Cloudflare Support confirmed our issue and stated they are working with DevOPs to fix the issue.

Doesn’t Cloudflare coordinate their new features with their resellers (or perform proper testing) before launching a new plan feature to make sure it’s active to all plan purchasers?

In short, SBFM is full of issues and deserves to be fixed ASAP.

Common’ Cloudflare, gotta move fast on this.

Thank you!

Regarding (1) you can set it on sensor mode to essentially switching it off, Cloudflare collects data anyways so between that and switching it off there should be no difference.
(2) Seems to be a problem on siteground

1 Like

(1) Sensor mode? Can you elaborate? Where can we find that? The global ON/OFF switch is still needed.

(2) What makes you believe it’s a Siteground issue? Did you confirm that with them? Other SG users are having the same problem. In any case, Cloudflare needs to communicate better with its resellers.

  1. Sensor mode is essentially setting the bot mode to do nothing and just record what happens on your site.
  2. If it works on the dashboard it’s likely working for resellers, the dashboard consumes cf api itself so…CF is not the one at blame in this case.

Appreciate your help!

(1) SBFM should be a fire-and-forget tool with no monitoring required on our part. That’s why we purchased the Pro Plan.

(2) Unfortunately, our options (dropdowns and switches) are not working at all - as stated above. I believe CF is already working on a fix.

Cheers!

Has there been any update?

Thanks @cscharff for your explanation of this and being so candid about the feature as it has / will continue to evolve. I’m in the same boat as many others here, I was hoping for the ability to add a firewall rule with Action: Bypass, Feature: Super Bot Fight Mode so I could control it a bit better. Two examples I had in mind

  • Allow bots from these IPs
  • Allow bots to this subdomain

I was surprised that setting an IP to Allow in IP Access Rules doesn’t bypass it, since it seems to let that IP bypass everything else on the Firewall tab.