# CLOUDFLARE — WAF "Skip" rule  (Security > WAF > Custom rules > Create)
# Rule name: Allow search + AI crawlers
# When incoming requests match... (Edit expression):

(http.user_agent contains "Googlebot") or (http.user_agent contains "Google-Extended")
or (http.user_agent contains "Bingbot") or (http.user_agent contains "Slurp")
or (http.user_agent contains "DuckDuckBot") or (http.user_agent contains "YandexBot")
or (http.user_agent contains "Baiduspider") or (http.user_agent contains "AhrefsBot")
or (http.user_agent contains "SemrushBot") or (http.user_agent contains "GPTBot")
or (http.user_agent contains "OAI-SearchBot") or (http.user_agent contains "ChatGPT-User")
or (http.user_agent contains "PerplexityBot") or (http.user_agent contains "ClaudeBot")
or (http.user_agent contains "Claude-Web") or (http.user_agent contains "Applebot")
or (http.user_agent contains "meta-externalagent") or (http.user_agent contains "cohere-ai")

# Then take action:  Skip
#   Skip: All remaining custom rules
#   Additionally skip:  [x] Managed Challenge  [x] Bot Fight Mode  [x] Browser Integrity Check
#
# ALSO: Security > Bots > enable "Allow verified bots".
# This is the #1 fix — until bots stop getting 403, NOTHING below can be crawled.