Cloudflare Docs
Visit Support on GitHub
Set theme to dark (⇧+D)

Understanding Cloudflare User Agent Blocking

​​ Overview

User Agent Blocking (UA) rules block specific browser or web application  User-Agent request headers.  UA rules apply to the entire domain instead of individual subdomains.  UA rules are applied after  Zone Lockdown rules, so permitting an IP address via Zone Lockdown skips UA rules.

The maximum number of allowed UA rules is based on plan type: 

  • Free: 10
  • Lite: 50
  • Pro: 50
  • Pro Plus: 250
  • Business: 250
  • Enterprise: 1,000

​​ Create a User Agent Blocking rule

1. Log in to your Cloudflare account.

2. Select the appropriate domain.

3. Navigate to Security > WAF > Tools.

4. Under User Agent Blocking, click Create Blocking Rule. 

5. Enter the Name/Description.

6. Select an applicable Action of either Block, Interactive Challenge, Managed Challenge, or JS challenge.

7. Enter the User Agent.  For example, to block the Bad Bot web spider:

BadBot/1.0.2 (+

Note: Wildcards (*) are not supported.

8. Click Save and Deploy.