What's the status of Super Bot Fight Mode?

It seems too risky to use Super Bot Fight Mode at the moment, even when it’s set to challenge “definite bots.” I read some other posts but they’re from a few weeks ago and I know this is a fairly new feature. People were asking for a way to whitelist, but that doesn’t seem like the best solution… more like sweeping it under the rug.

I had 6,000+ firewall events per day, including my own origin server IP classified as a definite bot. This interfered with the REST API, wp-cron.php (loopback requests) and possibly other things. This happened on a website using the Professional plan.

It doesn’t seem to be “definite” enough about what it’s blocking, but I admit this could all be due to something I’ve set up incorrectly outside of Cloudflare. I’ve turned it off for now until I can investigate it further.

When your webserver is trying to connect to Cloudflare, this is not a browser client, so it’s correct that our system would identify this as a bot. The intention of your software doesn’t change the automated nature of the requests.

And that’s why having a way to create firewall rules to bypass SBFM would be ideal.
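
An added example, not written by any poster in this thread or by Cloudflare: one way to measure how much of a daily firewall-event volume comes from the site's own server making WordPress loopback requests (wp-cron.php, REST API) rather than from outside clients. The event field names, IP addresses and sample records are constructed assumptions, not a Cloudflare export schema.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample events; field names are hypothetical placeholders.
SAMPLE_EVENTS = [
    {"client_ip": "203.0.113.10", "uri": "/wp-cron.php?doing_wp_cron=1700000000.123"},
    {"client_ip": "203.0.113.10", "uri": "/wp-json/wp/v2/posts"},
    {"client_ip": "2001:db8::10", "uri": "/?rest_route=/wp/v2/users"},
    {"client_ip": "198.51.100.77", "uri": "/wp-login.php"},
    {"client_ip": "203.0.113.10", "uri": "/feed/"},
]

# Assumed origin server addresses (documentation ranges). The IPv6 entry is
# written in long form on purpose: comparison must not be string-based.
ORIGIN_IPS = ["203.0.113.10", "2001:0db8:0000:0000:0000:0000:0000:0010"]


def classify_request(uri):
    """Label a request as WordPress cron, REST API, or other."""
    parts = urlsplit(uri)
    if parts.path.endswith("/wp-cron.php"):
        return "wp-cron"
    # REST API is reachable via pretty permalinks or the rest_route parameter.
    if parts.path.startswith("/wp-json/") or "rest_route" in parse_qs(parts.query):
        return "rest-api"
    return "other"


def triage(events, origin_ips):
    """Count events by (source, request kind); source is 'origin' or 'external'."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    counts = Counter()
    for ev in events:
        is_origin = ipaddress.ip_address(ev["client_ip"]) in origins
        source = "origin" if is_origin else "external"
        counts[(source, classify_request(ev["uri"]))] += 1
    return counts


if __name__ == "__main__":
    for (source, kind), n in sorted(triage(SAMPLE_EVENTS, ORIGIN_IPS).items()):
        print(f"{source:8} {kind:8} {n}")
```

A large "origin" share points at loopback traffic being routed through the proxy; the "external" rows are what remains to be judged on its own merits.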


