Yes, because I have Bot Fight Mode enabled and using Firewall Rules to block crawlers, SEO spiders (ahrefs, semrush, criteobot, etc.) and setup as on the below screenshot.
Moreover, from the given links from previous reply, for example there is an allowed “ahrefs” but I block it using Firewall rule.
Well, in Firewall events for 60+ domains where Bot Fight Mode is enabled, while Yandex, Google Search and Bing bot are working normally at least for me and can access /feed/ of WordPress websites and can index the sitemap.xml files (even access the robots.txt file and see what sitemap URL is there being added to crawl it on daily basis), while others are logged as “JS challenge”.
Which would mean, if real human is behind that IP addres, all good, otherwise, either it cannot pass the challenge and cannot access the requested URL.
We can also check them by an IP at https://www.abuseipdb.com/.
Could be I am wrong, but, currently as far as I see, it is working fine for my domains at Cloudflare.