What do you use to fight bots, scrapper and ddos

Jay Chen · Apr 22, 2025

My server was recently brought offline due to a very aggressive scrappers, so I implemented a rate limiting on the Cloudflare side.

Just curious to see what other people are doing.

eva2000 · Apr 22, 2025

Cloudflare Pro, Business or Enterprise based Cloudflare WAF, Transform and Rate Limit Rules FTW . Free plan doesn't have WAF analytics detailed enough to help you investigate bad actors and you don't have enough quota rules to cover all bad actors, you really need Pro, Business and if you can afford Enterprise plans.

For scrappers i.e. AI bots, also check out Cloudflare AI Audit Start auditing and controlling the AI models accessing your content

Cloudflare Enterprise plans also have Bot Management Enterprise that highly integrated into Cloudflare WAF Bot Management · Cloudflare bot solutions docs unlike Pro and Business plans.

buik · Apr 22, 2025

Jay Chen said: ↑

My server was recently brought offline due to a very aggressive scrappers, so I implemented a rate limiting on the Cloudflare side.

Just curious to see what other people are doing.
Click to expand...

eva2000 said: ↑

Cloudflare Pro, Business or Enterprise based Cloudflare WAF, Transform and Rate Limit Rules FTW . Free plan doesn't have WAF analytics detailed enough to help you investigate bad actors and you don't have enough quota rules to cover all bad actors, you really need Pro, Business and if you can afford Enterprise plans.

For scrappers i.e. AI bots, also check out Cloudflare AI Audit Start auditing and controlling the AI models accessing your content

Cloudflare Enterprise plans also have Bot Management Enterprise that highly integrated into Cloudflare WAF Bot Management · Cloudflare bot solutions docs unlike Pro and Business plans.
Click to expand...

When budget is not adequate and you are stuck with a free Cloudflare package.
There are still some options available.

For example. You could use the free Cloudflare option to block AI bots, scrapers and crawlers. Only decent services with a proper reputation are then permitted.

You could also block ASN networks with the free package. If the above does not work adequately.

I did help out at a volunteer website once. Blocking AWS and Azure (where most of the boredom is). Ensures right away that the most aggressive scrappers and bots are excluded.

Real visitors do not use an AWS or Azure internet line to visit website's, so these visitors are not excluded. And if in doubt or the golden mean, block ASN's and place a challenge to allow any legetime visitors who slip through, to still able to visit the site.

Jay Chen · Apr 23, 2025

eva2000 said: ↑

Cloudflare Pro, Business or Enterprise based Cloudflare WAF, Transform and Rate Limit Rules FTW . Free plan doesn't have WAF analytics detailed enough to help you investigate bad actors and you don't have enough quota rules to cover all bad actors, you really need Pro, Business and if you can afford Enterprise plans.

For scrappers i.e. AI bots, also check out Cloudflare AI Audit Start auditing and controlling the AI models accessing your content

Cloudflare Enterprise plans also have Bot Management Enterprise that highly integrated into Cloudflare WAF Bot Management · Cloudflare bot solutions docs unlike Pro and Business plans.
Click to expand...

Can't afford to put all sites under Pro, most of them don't generate money, they all hobby projects. Will look into putting some of them under Pro and see how it goes. Enterprise is too expensive for me.

Jay Chen · Apr 23, 2025

buik said: ↑

When budget is not adequate and you are stuck with a free Cloudflare package.
There are still some options available.

For example. You could use the free Cloudflare option to block AI bots, scrapers and crawlers. Only decent services with a proper reputation are then permitted.

You could also block ASN networks with the free package. If the above does not work adequately.

I did help out at a volunteer website once. Blocking AWS and Azure (where most of the boredom is). Ensures right away that the most aggressive scrappers and bots are excluded.

Real visitors do not use an AWS or Azure internet line to visit website's, so these visitors are not excluded. And if in doubt or the golden mean, block ASN's and place a challenge to allow any legetime visitors who slip through, to still able to visit the site.
Click to expand...

Will look into the free Cloudflare option to block AI bots and also blocking ASN networks. Lots of reading and research to do over the weekend.

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

What do you use to fight bots, scrapper and ddos

Jay Chen Active Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

Jay Chen Active Member

Jay Chen Active Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

What do you use to fight bots, scrapper and ddos

Jay Chen Active Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

Jay Chen Active Member

Jay Chen Active Member

.