Update: AI Bot Blocking Edition

Michael Buckbee

28 Mar 2024

This week, learn how to (and if you should) block AI bots from accessing your site. Our experiences migrating the backend of our application to JumpStartPro and why you should be very cautious about handling DS_Store files.

AI Bot Mitigation Guide

Should you be blocking AI data-gathering bots from your site? The answer is not as straightforward as it seems.

For each site, you need to consider:

  • Data Handling
  • Security
  • Business Goals
  • Server by Server use cases


To top it off, since AI bots don’t show up in analytics, you probably have no idea how many requests they make to your site daily.

As we’re trying to bring more awareness to the problem, we’re sharing the guide on socials:

→ Get the Guide on LinkedIn

→ Get the Guide on TwittXr

Not on either of those? Email support@wafris.org and we will send you a copy.

AI Bot Blocking Ruleset

If you’re a current Wafris user (at any plan level), you now have access to a new AI Bot blocking specific Ruleset.

Log into your Wafris account on https://hub.wafris.org, choose “Ruleset,” and then “Apply”

JSP Migration Guide

This week, we published our experience of migrating the backend of our management site to Jumpstart Pro. This has been a great time saver for us as we didn’t need to burn dev cycles on already-solved problems.

Read more here: https://wafris.org/guides/our-experience-migrating-to-jumpstart-pro


Dastardly DS_Store Files

If you use a Mac and git, double-check that ".DS_Store" files are in your .gitignore. Why? 🤷🏻‍♂️

Bots search specifically for the files since they contain listings of all the other files in their directory, potentially exposing you to sensitive information.

As further protection: add a Wafris path rule to block any requests containing “DS_Store”.


Rather be doing something else?

Whether you’re moving towards SOC2 compliance, need to block AI bots or just aren’t sure how to handle an influx of “weird” traffic in your logs, there is a clear trend: you don’t want to deal with any of this.

Which is where we come in, Wafris is specifically designed to help take the security burden off of solo devs and small teams via our security automation and integrated incident response support.

So, if you’re dealing with issues you’d rather not this week, talk to us so you can get back to doing more of the work you like:


Do this next

We're on a mission to better secure every web app on internet. Here's some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can signup for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org