Super Bot Fight Mode
Super Bot Fight Mode is included in your Pro, Business, or Enterprise subscription. When enabled, the product:
- Identifies traffic matching patterns of known bots
- Can challenge or block bots
- Offers protection for static resources
- Provides limited analytics to help you understand bot traffic
Accounts with an Enterprise subscription but not the Bot Management add-on will have Super Bot Fight Mode for Business.
Bot Fight Mode and Super Bot Fight Mode use the same underlying technology that powers our Bot Management ↗ product. Specifically, these products:
- Protect entire domains without endpoint restrictions
- Cannot be customized, adjusted, or reconfigured via WAF custom rules
Although these products are designed to fight malicious actors on the Internet, they may challenge API or mobile app traffic. For more granular control, upgrade to Bot Management for Enterprise.
To start using Super Bot Fight Mode:
-
Log in to the Cloudflare dashboard ↗ and select your account and domain.
-
Go to Security > Bots.
-
Select Configure Super Bot Fight Mode.
-
Choose how your domain should respond to various types of traffic:
- For more details on verified bots, refer to Verified Bots.
- For more details on supported file types, refer to Static resource protection.
- For more details on invisible code injection, refer to JavaScript detections.
In parts of your site where you want bot traffic, you can use the Skip action in WAF custom rules to specify where Super Bot Fight Mode should not run.
You can use the Rules language and its operators and fields in custom rules to configure a scoped rule for approved automated traffic in Super Bot Fight Mode.
If you find that Super Bot Fight Mode is causing problems with your application traffic, you may want to disable it.
To disable Super Bot Fight Mode:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Bots.
- Click Configure Super Bot Fight Mode.
- For all bot groupings (Definitely automated, Verified bots, etc.), set the value to Allow.
- For all other options (Static resource protection, JavaScript Detections), make sure the toggles are Off.
In parts of your site where you want bot traffic, you can use the Skip action in WAF custom rules to specify where Super Bot Fight Mode should not run.
You can use the Rules language and its operators and fields in custom rules to configure a scoped rule for approved automated traffic in Super Bot Fight Mode.
To block AI bots:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Bots.
- Select Configure Super Bot Fight Mode.
- Enable Block AI bots.
The AI Labyrinth adds invisible links on your webpage with specific Nofollow tags to block AI crawlers that do not adhere to the recommended guidelines and crawl without permission. AI crawlers that scrape your website content without permission will be stuck in a maze of never-ending links, and their details are recorded and used by all Cloudflare customers who choose to block AI bots.
These links do not impact your search engine optimization (SEO) or your website's appearance, and are only seen by bots. AI bots that respect no-crawl instructions will safely ignore this honeypot.
To enable AI Labyrinth:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to Security > Bots.
- Select Configure Super Bot Fight Mode.
- Enable AI Labyrinth.
Use the Bot Report to monitor bot traffic for the past 24 hours.
To access the Bot Report, go to Security > Bots. If you see a double-digit percentage of automated traffic, you may want to upgrade to Bot Management to save money on origin costs and protect your domain from large-scale attacks.
You can see bot-related actions by going to Security > Events. Any requests challenged by this product will be labeled Super Bot Fight Mode in the Service field. This allows you to observe, analyze, and follow trends in your bot traffic over time.
Super Bot Fight Mode runs during the http_request_sbfm phase of the Ruleset Engine.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark