Super Bot Fight Mode is included in your Pro, Business, or Enterprise subscription. When enabled, the product:

Identifies traffic matching patterns of known bots

Can challenge or block bots

Offers protection for static resources

Provides limited analytics to help you understand bot traffic

Accounts with an Enterprise subscription but not the Bot Management add-on will have Super Bot Fight Mode for Business.

Considerations

Bot Fight Mode and Super Bot Fight Mode use the same underlying technology that powers our Bot Management ↗ product. Specifically, these products:

Protect entire domains without endpoint restrictions

Cannot be customized, adjusted, or reconfigured via WAF custom rules

Although these products are designed to fight malicious actors on the Internet, they may challenge API or mobile app traffic. For more granular control, upgrade to Bot Management for Enterprise.

Enable Super Bot Fight Mode

Note If you are upgrading from Bot Fight Mode to Super Bot Fight Mode, you must disable Bot Fight Mode in your Bot settings. To turn off Bot Fight Mode, go to Security > Bots and select Configure Super Bot Fight Mode.

To start using Super Bot Fight Mode:

Log in to the Cloudflare dashboard ↗ and select your account and domain. Go to Security > Bots. Select Configure Super Bot Fight Mode. Choose how your domain should respond to various types of traffic: For more details on verified bots, refer to Verified Bots.

For more details on supported file types, refer to Static resource protection.

For more details on invisible code injection, refer to JavaScript detections.

Warning If your organization also uses Cloudflare Tunnel, keep Definitely Automated set to Allow. Otherwise, tunnels might fail with a websocket: bad handshake error.

Conditions

In parts of your site where you want bot traffic, you can use the Skip action in WAF custom rules to specify where Super Bot Fight Mode should not run.

You can use the Rules language and its operators and fields in custom rules to configure a scoped rule for approved automated traffic in Super Bot Fight Mode.

Disable Super Bot Fight Mode

If you find that Super Bot Fight Mode is causing problems with your application traffic, you may want to disable it.

To disable Super Bot Fight Mode:

Log in to the Cloudflare dashboard ↗ and select your account and domain. Go to Security > Bots. Click Configure Super Bot Fight Mode. For all bot groupings (Definitely automated, Verified bots, etc.), set the value to Allow. For all other options (Static resource protection, JavaScript Detections), make sure the toggles are Off.

Block AI bots

To block AI bots:

Log in to the Cloudflare dashboard ↗ and select your account and domain. Go to Security > Bots. Select Configure Super Bot Fight Mode. Enable Block AI bots.

Note You can view blocked AI bot traffic via Security Analytics.

Enable AI Labyrinth

The AI Labyrinth adds invisible links on your webpage with specific Nofollow tags to block AI crawlers that do not adhere to the recommended guidelines and crawl without permission. AI crawlers that scrape your website content without permission will be stuck in a maze of never-ending links, and their details are recorded and used by all Cloudflare customers who choose to block AI bots.

These links do not impact your search engine optimization (SEO) or your website's appearance, and are only seen by bots. AI bots that respect no-crawl instructions will safely ignore this honeypot.

To enable AI Labyrinth:

Log in to the Cloudflare dashboard ↗ and select your account and domain. Go to Security > Bots. Select Configure Super Bot Fight Mode. Enable AI Labyrinth.

Analytics

Bot Report

Use the Bot Report to monitor bot traffic for the past 24 hours.

To access the Bot Report, go to Security > Bots. If you see a double-digit percentage of automated traffic, you may want to upgrade to Bot Management to save money on origin costs and protect your domain from large-scale attacks.

Security events

You can see bot-related actions by going to Security > Events. Any requests challenged by this product will be labeled Super Bot Fight Mode in the Service field. This allows you to observe, analyze, and follow trends in your bot traffic over time.

Ruleset Engine

Super Bot Fight Mode runs during the http_request_sbfm phase of the Ruleset Engine.