Vercel Web Application Firewall now includes a new Bot Filter managed ruleset, available in public beta for all users.
Bot Filter helps reduce automated traffic from non-browser sources and lets you respond with one of two actions:
- Log Only Action: Logs identified bot traffic in the Firewall tab without blocking requests.
- Challenge Action: Serves a browser challenge to traffic from non-browser sources. Verified bots are automatically excluded.
To avoid disrupting legitimate automated traffic that's not already covered by Verified Bots, you can configure custom WAF rules using the bypass action for specific requests.
To enable the ruleset:
1. In your project dashboard, navigate to the Firewall tab and select Configure.
2. Under Bot Protections, navigate to Bot Filter.
3. Select Log or Challenge.
4. Select Review Changes and review the changes to be applied.
5. Select Publish to apply the changes to your production deployment.
Bot Filter complements Vercel's existing mitigations, which already block common threats like DDoS attacks, low-quality traffic, and spoofed traffic. It adds an extra layer of protection for any automated traffic that is not clearly malicious.
During this public beta period, we’ve set up a thread on the Vercel Community where you can share your feedback, feature requests, and experiences with the Bot Filter.
Learn more about the Bot Filter managed ruleset and the Vercel Firewall.