Understanding Cloudflare User Agent Blocking

Learn how Cloudflare User Agent Blocking blocks malicious user agents from visiting your website.


User Agent Blocking (UA) rules block specific browser or web application User-Agent request headers.  UA rules apply to the entire domain instead of individual subdomains.  UA rules are applied after Zone Lockdown rules, so permitting an IP address via Zone Lockdown skips UA rules.

The maximum number of allowed UA rules is based on plan type: 

  • Free: 10
  • Pro: 50
  • Business: 250
  • Enterprise: 1,000

Create a User Agent Blocking rule

1. Log in to your Cloudflare Account.

2. Select the appropriate Domain.

3. Select the Tools tab within the Cloudflare Firewall app.

4. Click Create Blocking Rule under User Agent Blocking. 

5. Enter the Name/Description.

6. Select an applicable Action of either Block, Challenge (captcha), or JS challenge.

7. Enter the User Agent.  For example, to block the Bad Bot web spider:

BadBot/1.0.2 (+http://bad.bot)

8. Wildcards (*) are not supported.

9. Click Save and Deploy.

Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.