AI search fix
Cloudflare rules for AI bots (safe)
Safe Cloudflare rules for AI bots use targeted allow or skip logic for trusted user-agents — GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bingbot — whilst keeping protection for unknown automation. Avoid blanket allow-all-bot policies; align WAF behaviour with robots.txt intent. Configure custom rules, test status codes, and confirm requests reach origin. This improves crawl readiness but does not guarantee citations in AI products.
Most regressions follow security changes: one bot is fixed, another is blocked silently. Keep one documented AI bot policy and audit logs after each Cloudflare update.
Safe Cloudflare rule pattern
- List the exact AI user-agents your policy allows.
- Create WAF custom rules matching User-Agent for each trusted bot.
- Apply Skip or Allow for bot challenge layers — not a global security bypass.
- Keep managed protections active for unknown and abusive automation.
- Validate edge and origin logs for 200 or 304 on important HTML URLs.
Free · 2 minutes · no card
See what AI crawlers hit on your site
Technical blockers, missing context, weak AI-readiness signals — in one HTML report.
You'll get an HTML report on likely edge blocks and AI crawler policy mismatches.
Frequently asked questions
Should I disable Bot Fight Mode entirely?
Not necessarily. Targeted skip rules for trusted bots whilst keeping broad protection for unknown traffic is usually safer.
Can robots.txt alone fix Cloudflare blocks?
No. robots.txt is advisory once access is granted. Edge blocks stop bots before they read robots.txt.
How do I verify Cloudflare rules worked?
Check logs for trusted user-agents and successful status codes on key HTML URLs after the change.
Related questions
Updated
