Understanding Cloudflare User Agent Blocking
User Agent Blocking (UA) rules block specific browser or web application User-Agent request headers. UA rules apply to the entire domain instead of individual subdomains. UA rules are applied after Zone Lockdown rules, so permitting an IP address via Zone Lockdown skips UA rules.
The maximum number of allowed UA rules is based on plan type:
- Free: 10
- Lite: 50
- Pro: 50
- Pro Plus: 250
- Business: 250
- Enterprise: 1,000
Create a User Agent Blocking rule
1. Log in to your Cloudflare account.
2. Select the appropriate domain.
3. Navigate to Security > WAF > Tools.
4. Under User Agent Blocking, click Create Blocking Rule.
5. Enter the Name/Description.
6. Select an applicable Action of either Block, Interactive Challenge, Managed Challenge, or JS challenge.
7. Enter the User Agent. For example, to block the Bad Bot web spider:
Note: Wildcards (*) are not supported.
8. Click Save and Deploy.