ModSecurity WAF AI Crawler Filtering: Implementation Guide
Quick Summary
- What this covers: Deploy ModSecurity Web Application Firewall rules blocking unauthorized AI training crawlers. Technical patterns for User-agent filtering and rate limiting enforcement.
- Who it's for: publishers and site owners managing AI bot traffic
- Key takeaway: Read the first section for the core framework, then use the specific tactics that match your situation.
ModSecurity serves as open-source Web Application Firewall providing real-time traffic inspection and filtering. Publishers deploy ModSecurity rules to enforce AI crawler access policies regardless of robots.txt compliance. Technical implementation transforms passive robots.txt suggestions into active enforcement blocking unauthorized training data harvesting at network edge before content delivery.
ModSecurity Architecture and Request Processing
ModSecurity operates as web server module (Apache, Nginx, IIS) inspecting HTTP requests and responses through rule-based engine. Request processing flows through five phases: connection establishment (phase 1), request headers (phase 2), request body (phase 3), response headers (phase 4), response body (phase 5). AI crawler filtering primarily leverages phases 1-2, examining connection source and request headers before application processing.
Rule syntax follows structure: SecRule VARIABLE "OPERATOR" "ACTIONS". Variables extract request properties—User-agent header, IP address, request path. Operators test conditions—string matching, regex patterns, numeric comparisons. Actions specify responses—block, allow, log, set variables. Chaining multiple rules creates complex logic evaluating combinations of request attributes.
Rule evaluation determines request fate. Match triggers associated actions. Common blocking actions return HTTP 403 Forbidden or 429 Too Many Requests status codes. Logging actions record blocked attempts for monitoring and compliance documentation. Pass actions allow request while executing secondary actions like incrementing rate limit counters.
ModSecurity Core Rule Set (CRS) provides baseline protections against SQL injection, XSS, and common attacks. AI crawler filtering requires custom rules targeting specific User-agent patterns and crawler behaviors. Custom rules supplement rather than replace CRS, maintaining security posture while adding crawler-specific controls.
Basic User-Agent Blocking Rules
User-agent header inspection provides primary crawler identification mechanism. AI training crawlers typically declare identity via User-agent strings enabling straightforward blocking.
Block OpenAI GPTBot crawler:
SecRule REQUEST_HEADERS:User-Agent "@contains GPTBot" \
"id:2001,\
phase:1,\
deny,\
status:403,\
log,\
msg:'OpenAI GPTBot blocked',\
tag:'ai-crawler'"
Rule 2001 executes during phase 1 (connection), examines User-agent header for "GPTBot" substring, returns 403 Forbidden if matched, logs event with descriptive message. Tag enables filtering AI crawler blocks in log aggregation tools.
Block multiple AI crawlers with single rule:
SecRule REQUEST_HEADERS:User-Agent "@rx (GPTBot|ClaudeBot|CCBot|anthropic-ai|ChatGPT-User)" \
"id:2002,\
phase:1,\
deny,\
status:403,\
log,\
msg:'AI training crawler blocked: %{MATCHED_VAR}',\
tag:'ai-crawler'"
Regex operator (@rx) matches any of listed crawler User-agents. Matched variable placeholder (%{MATCHED_VAR}) logs specific crawler blocked, aiding monitoring and analytics. Single rule reduces configuration maintenance compared to per-crawler rules.
Case-insensitive matching handles User-agent variations:
SecRule REQUEST_HEADERS:User-Agent "@rx (?i)(gptbot|claudebot|ccbot)" \
"id:2003,\
phase:1,\
deny,\
status:403,\
log,\
msg:'AI crawler blocked (case-insensitive): %{MATCHED_VAR}',\
tag:'ai-crawler'"
The (?i) regex flag enables case-insensitive matching, catching "GPTBot", "gptbot", "GPTBOT" variants. Crawlers with inconsistent User-agent casing cannot evade detection through case manipulation.
Advanced Pattern Matching and Behavioral Detection
Simple User-agent matching fails against sophisticated crawlers spoofing browser identities. Behavioral analysis detecting crawler-like request patterns supplements User-agent filtering.
Detect generic bot User-agents lacking specific identification:
SecRule REQUEST_HEADERS:User-Agent "@rx bot|crawler|spider|scraper" \
"id:2004,\
phase:1,\
pass,\
nolog,\
setvar:'tx.suspicious_ua=+1'"
SecRule TX:suspicious_ua "@ge 1" \
"id:2005,\
phase:1,\
chain"
SecRule REQUEST_HEADERS:User-Agent "!@contains Googlebot" \
"!@contains Bingbot" \
"!@contains YandexBot" \
"deny,\
status:403,\
log,\
msg:'Generic bot blocked: %{REQUEST_HEADERS.User-Agent}',\
tag:'ai-crawler'"
First rule detects generic bot keywords, increments suspicious User-agent counter. Chained second rule blocks if suspicious but not whitelisted search engines. Approach catches unidentified crawlers while preserving legitimate search engine access.
Missing or suspicious User-agent headers signal crawler activity:
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
"id:2006,\
phase:1,\
deny,\
status:403,\
log,\
msg:'Missing User-Agent header',\
tag:'ai-crawler'"
Legitimate browsers always send User-agent headers. Absence indicates crawler attempting stealth. Rule rejects requests lacking User-agent entirely.
IP Address and Geolocation Filtering
User-agent headers are easily spoofed. IP address provides secondary verification, though sophisticated crawlers use residential proxies and distributed infrastructure complicating IP-based blocking.
Block known AI company IP ranges:
SecRule REMOTE_ADDR "@ipMatch 162.158.0.0/16,104.16.0.0/12" \
"id:2007,\
phase:1,\
deny,\
status:403,\
log,\
msg:'AI company IP range blocked',\
tag:'ai-crawler'"
IPMatch operator tests whether request source IP falls within specified CIDR ranges. Example shows blocking specific network blocks (update with actual AI company ranges). Requires ongoing maintenance as companies expand infrastructure.
IP reputation databases enhance filtering:
SecRule REMOTE_ADDR "@ipMatchFromFile /etc/modsecurity/ip-blocklist.txt" \
"id:2008,\
phase:1,\
deny,\
status:403,\
log,\
msg:'Blocked IP from reputation list',\
tag:'ai-crawler'"
External file contains one IP or CIDR range per line. Centralized blocklist enables bulk updates without modifying rules. Integrate with IP reputation services (Project Honeypot, AbuseIPDB) automating blocklist updates.
Geographic restrictions block crawler-heavy regions:
SecRule GEO:COUNTRY_CODE "@rx (CN|RU|KR)" \
"id:2009,\
phase:1,\
pass,\
nolog,\
setvar:'tx.high_risk_geo=+1'"
GEO variables require GeoIP database integration (MaxMind). Geographic filtering reduces crawler traffic from regions with heavy crawler activity. Balance against legitimate user exclusion—geography alone insufficient for blocking without additional signals.
Rate Limiting and Request Throttling
Rate limiting restricts request frequency from individual IPs regardless of bot identification. Aggressive request patterns characteristic of crawlers trigger throttling or blocking.
Track requests per IP address:
SecAction "id:2010,\
phase:1,\
nolog,\
pass,\
initcol:ip=%{REMOTE_ADDR}"
SecRule REQUEST_HEADERS:User-Agent "@rx (GPTBot|ClaudeBot|CCBot)" \
"id:2011,\
phase:1,\
pass,\
setvar:ip.ai_requests=+1,\
expirevar:ip.ai_requests=60"
SecRule IP:ai_requests "@gt 10" \
"id:2012,\
phase:1,\
deny,\
status:429,\
log,\
msg:'AI crawler rate limit exceeded: %{ip.ai_requests} requests',\
tag:'ai-crawler'"
Initialization rule creates persistent collection tracking requests per IP. Second rule increments counter for AI crawler requests with 60-second expiration. Third rule blocks when counter exceeds 10 requests per minute. Returns HTTP 429 Too Many Requests signaling rate limit to compliant crawlers.
Progressive rate limiting increases strictness for persistent violators:
SecRule IP:ai_requests "@gt 100" \
"id:2013,\
phase:1,\
deny,\
status:403,\
log,\
msg:'AI crawler permanent block: excessive requests',\
setvar:ip.blocked=1,\
expirevar:ip.blocked=3600,\
tag:'ai-crawler'"
Crawlers exceeding 100 requests/minute escalate to permanent hourly block. Demonstrates graduated enforcement—initial violations receive soft rate limiting (429), persistent violations trigger hard blocks (403). Escalation deters repeated circumvention attempts.
Content-Specific Protection Rules
Differentiated content tiers require granular access controls. Premium content, API endpoints, and high-value archives demand stronger protections than public marketing pages.
Protect premium content paths:
SecRule REQUEST_URI "@beginsWith /premium/" \
"id:2014,\
phase:1,\
chain"
SecRule REQUEST_HEADERS:User-Agent "@rx (GPTBot|ClaudeBot|CCBot)" \
"deny,\
status:403,\
log,\
msg:'AI crawler blocked from premium content: %{REQUEST_URI}',\
tag:'ai-crawler'"
Chained rules evaluate path and User-agent combination. First rule matches premium path, second rule checks crawler User-agent. Both conditions required for block. Public paths permit crawler access while protecting paywalled content.
API endpoint protection prevents programmatic scraping:
SecRule REQUEST_URI "@beginsWith /api/" \
"id:2015,\
phase:1,\
chain"
SecRule &REQUEST_HEADERS:Authorization "@eq 0" \
"chain"
SecRule REQUEST_HEADERS:User-Agent "@rx bot|crawler|scraper" \
"deny,\
status:401,\
log,\
msg:'Unauthenticated bot blocked from API',\
tag:'ai-crawler'"
Three-condition chain: API path, missing Authorization header, bot User-agent. Authenticated API access permitted (legitimate integrations), but unauthenticated bots rejected with HTTP 401 Unauthorized.
Block specific file types from crawler access:
SecRule REQUEST_URI "@rx \.(pdf|doc|docx|xls|xlsx|zip)$" \
"id:2016,\
phase:1,\
chain"
SecRule REQUEST_HEADERS:User-Agent "@rx (GPTBot|ClaudeBot|CCBot)" \
"deny,\
status:403,\
log,\
msg:'AI crawler blocked from document: %{REQUEST_URI}',\
tag:'ai-crawler'"
Blocks crawlers from accessing downloadable documents while permitting human users. Protects proprietary documents, reports, and ebooks from AI training data harvesting.
Logging and Monitoring Configuration
Effective enforcement requires comprehensive logging documenting blocked attempts, identifying evasion patterns, and supporting legal compliance.
Detailed logging configuration:
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:403|429)$"
SecAuditLogType Serial
SecAuditLog /var/log/modsecurity/audit.log
SecAuditLogFormat JSON
RelevantOnly mode logs only requests triggering rules. Relevant status filter captures blocked requests (403, 429). JSON format enables structured log analysis with SIEM and analytics tools. Audit log contains complete request and response details supporting forensic investigation.
Alert integration with monitoring systems:
SecRule TX:ai_crawler_blocked "@eq 1" \
"id:2017,\
phase:5,\
pass,\
exec:/usr/local/bin/ai-crawler-alert.sh"
Phase 5 (logging phase) executes external script when crawler block occurs. Script can send email alerts, trigger webhook notifications, or update monitoring dashboards. Real-time alerting enables rapid response to blocking bypass attempts or emerging crawler threats.
Log analysis extracts crawler intelligence:
grep "ai-crawler" /var/log/modsecurity/audit.log | \
jq -r '[.transaction.request.headers."User-Agent", .transaction.client_ip] | @tsv' | \
sort | uniq -c | sort -rn
Parses JSON audit logs, extracts User-agent and IP, counts occurrences. Reveals most common AI crawlers and persistent IPs enabling targeted enforcement improvements. Regular analysis informs rule tuning and blocklist updates.
Whitelisting Legitimate Crawlers
Overly aggressive blocking disrupts search engine indexing and legitimate monitoring services. Whitelist rules permit essential crawlers while maintaining AI training crawler blocks.
Whitelist major search engines:
SecRule REQUEST_HEADERS:User-Agent "@rx (Googlebot|Bingbot|YandexBot|DuckDuckBot)" \
"id:2018,\
phase:1,\
pass,\
nolog,\
ctl:ruleRemoveById=2002-2016,\
tag:'whitelisted-crawler'"
Pass action allows request to proceed. ctl directive disables rules 2002-2016 (AI crawler blocks) for whitelisted User-agents. Ensures search engine access unaffected by AI crawler filtering.
Verify search engine crawler authenticity via reverse DNS:
SecRule REQUEST_HEADERS:User-Agent "@contains Googlebot" \
"id:2019,\
phase:1,\
pass,\
nolog,\
setvar:'tx.claimed_googlebot=1'"
SecRule TX:claimed_googlebot "@eq 1" \
"id:2020,\
phase:1,\
chain"
SecRule REMOTE_HOST "!@endsWith .googlebot.com" \
"deny,\
status:403,\
log,\
msg:'Fake Googlebot detected',\
tag:'crawler-impersonation'"
First rule flags requests claiming Googlebot identity. Second rule verifies reverse DNS hostname matches legitimate Google crawler domain. Blocks User-agent spoofing—crawlers claiming "Googlebot" but originating from non-Google infrastructure.
Performance Optimization
ModSecurity rule evaluation consumes CPU resources. Efficient rule design minimizes performance impact on legitimate traffic.
Early phase evaluation reduces processing overhead:
SecRule REQUEST_HEADERS:User-Agent "@rx (GPTBot|ClaudeBot)" \
"id:2021,\
phase:1,\
deny,\
status:403,\
nolog,\
tag:'ai-crawler'"
Phase 1 processing during connection establishment prevents deeper request processing. nolog directive skips audit logging for obvious blocks, reducing I/O overhead. Reserve detailed logging for ambiguous cases requiring investigation.
Rule ordering prioritizes common matches:
# Place most frequently matched rules first
SecRule REQUEST_HEADERS:User-Agent "@contains GPTBot" ...
SecRule REQUEST_HEADERS:User-Agent "@contains ClaudeBot" ...
# Less common crawlers later
SecRule REQUEST_HEADERS:User-Agent "@contains obscure-crawler" ...
Rule engine evaluates sequentially. Placing common crawler patterns first reduces average evaluation time. Analyze logs identifying high-frequency crawlers for rule ordering optimization.
String operations faster than regex:
# Faster
SecRule REQUEST_HEADERS:User-Agent "@contains GPTBot" ...
# Slower
SecRule REQUEST_HEADERS:User-Agent "@rx GPTBot" ...
String containment operator (@contains) outperforms regex (@rx) for simple substring matching. Reserve regex for complex patterns requiring alternation, anchoring, or character classes.
Integration with Nginx and Apache
ModSecurity integrates with web servers requiring configuration coordination between WAF rules and server directives.
Apache integration via mod_security2:
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
SecRuleEngine On
Include /etc/modsecurity/modsecurity.conf
Include /etc/modsecurity/owasp-crs/*.conf
Include /etc/modsecurity/custom-rules/ai-crawlers.conf
</IfModule>
Load ModSecurity module, enable rule engine, include CRS baseline and custom AI crawler rules. Configuration applies globally unless overridden by directory-specific rules.
Nginx integration via ModSecurity-nginx connector:
load_module modules/ngx_http_modsecurity_module.so;
http {
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.conf;
server {
listen 80;
server_name example.com;
location / {
modsecurity_rules '
SecRule REQUEST_HEADERS:User-Agent "@contains GPTBot" "id:3001,deny,status:403"
';
proxy_pass http://backend;
}
}
}
Nginx connector enables ModSecurity functionality in Nginx. Inline rules within location blocks provide request-path-specific controls. External rules file maintains shared rules across locations.
Frequently Asked Questions
Does ModSecurity impact website performance for legitimate users?
Properly optimized ModSecurity rules impose minimal latency—typically 1-5ms per request. Early-phase blocking (phase 1-2) prevents expensive application processing for bot traffic, potentially improving overall performance. Performance impact scales with rule complexity and quantity. Monitor response times and optimize rules if latency increases. Hardware acceleration and rule ordering minimize overhead.
How do I update ModSecurity rules to block newly identified AI crawlers?
Add new SecRule entries to custom rules file targeting new crawler User-agents. Reload ModSecurity configuration without web server restart: systemctl reload apache2 (Apache) or nginx -s reload (Nginx). Automated updates possible via scripts fetching threat intelligence feeds and regenerating rules files. Version control rules files enabling rollback if updates cause issues. Test rule changes in staging environment before production deployment.
Can AI crawlers bypass ModSecurity by using residential proxies?
Residential proxies complicate IP-based blocking—traffic originates from consumer ISP addresses indistinguishable from legitimate users. User-agent filtering and behavioral analysis remain effective even with proxy use. JavaScript challenges requiring client-side execution detect automated crawlers regardless of IP source. No single defensive measure provides complete protection; layered defense combining User-agent, behavior, and technical challenges increases bypass cost beyond economic viability for most attackers.
What legal documentation does ModSecurity logging provide for enforcement?
Audit logs create evidence trail documenting unauthorized access attempts. Logs record timestamp, source IP, User-agent, blocked URL, and rule triggered. JSON format enables tamper-evident log preservation. Documented access attempts despite robots.txt restrictions and terms of service prohibitions strengthen legal claims of willful circumvention. Logs support damages calculation based on request volume and bandwidth consumption. Maintain logs with appropriate retention policies meeting legal discovery requirements.
How do I whitelist licensed AI crawlers while blocking unlicensed ones?
Licensed crawlers receive authentication credentials (API keys, OAuth tokens) distinguishing from unlicensed crawlers. ModSecurity rules check for authentication headers before blocking:
SecRule REQUEST_HEADERS:Authorization "@rx ^Bearer [a-zA-Z0-9]+" \
"id:2022,phase:1,pass,ctl:ruleRemoveById=2002-2016,tag:'licensed-crawler'"
Presence of valid Authorization header disables AI crawler blocking rules. Authentication verification happens before content delivery ensuring only paid crawlers access protected content. Alternative: maintain whitelist of licensed crawler IP ranges applied via IP matching rules.
When Blocking AI Crawlers Isn't the Move
Skip this if:
- Your site has less than 1,000 monthly organic visits. AI crawlers aren't your problem — getting indexed by traditional search is. Focus on content quality and link acquisition before worrying about bot management.
- You're running a personal blog or portfolio site. AI citation of your content is free exposure at this scale. Blocking crawlers costs you visibility without protecting meaningful revenue.
- Your revenue comes entirely from direct sales, not content. If your content isn't the product (e-commerce, SaaS with no content moat), AI crawlers are neutral. Your competitive advantage lives in the product, not the pages.