Cloudflare Docs
Bots
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Get started with Bot Fight Mode

Bot Fight Mode is a simple, free product that helps detect and mitigate bot traffic on your domain. When enabled, the product:

​​ Enable Bot Fight Mode

To start using Bot Fight Mode:

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to Security > Bots.
  3. For Bot Fight Mode, select On.

​​ Disable Bot Fight Mode

If you find that Bot Fight Mode is causing problems with your application traffic, you may want to disable it.

To disable Bot Fight Mode:

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to Security > Bots.
  3. For Bot Fight Mode, select Off.

​​ Block AI bots

You can block artificial intelligence (AI) bots, crawlers, and scrapers from scraping your website content and training large language models (LLM) to recreate it without your permission. When you enable this feature, Cloudflare deploys a custom rule to detect and block AI bots from your website.

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to Security > Bots.
  3. Select Configure Bot Fight Mode.
  4. Enable Block AI bots.

​​ Visibility

You can see bot-related actions by going to Security > Events. Any requests challenged by this product will be labeled Bot Fight Mode in the Service field. This allows you to observe, analyze, and follow trends in your bot traffic over time.

​​ Limitations

You cannot bypass or skip Bot Fight Mode using the Skip action in WAF custom rules or using Page Rules (legacy). Skip, Bypass, and Allow actions apply to rules or rulesets running on the Ruleset Engine. While Super Bot Fight Mode rules are implemented in the Ruleset Engine, Bot Fight Mode checks are not. This is why you can skip Super Bot Fight Mode, but not Bot Fight Mode. If you need to skip Bot Fight Mode, consider using Super Bot Fight Mode.

Bot Fight Mode can still trigger if you have IP Access rules, but it cannot trigger if an IP Access rule matches the request. For example, the IP Access rule matches the connecting IP.