惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
宝玉的分享
宝玉的分享
量子位
博客园 - 叶小钗
博客园_首页
Know Your Adversary
Know Your Adversary
S
Schneier on Security
罗磊的独立博客
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Simon Willison's Weblog
Simon Willison's Weblog
美团技术团队
WordPress大学
WordPress大学
大猫的无限游戏
大猫的无限游戏
Hacker News: Ask HN
Hacker News: Ask HN
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Security Latest
Security Latest
月光博客
月光博客
Spread Privacy
Spread Privacy
C
Cybersecurity and Infrastructure Security Agency CISA
人人都是产品经理
人人都是产品经理
J
Java Code Geeks
C
CERT Recently Published Vulnerability Notes
Last Week in AI
Last Week in AI
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
H
Hacker News: Front Page
N
News and Events Feed by Topic
小众软件
小众软件
T
Threatpost
V2EX - 技术
V2EX - 技术
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
Project Zero
Project Zero
L
LINUX DO - 热门话题
Apple Machine Learning Research
Apple Machine Learning Research
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
P
Privacy International News Feed
Latest news
Latest news
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
AWS News Blog
AWS News Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 【当耐特】
Hugging Face - Blog
Hugging Face - Blog

Vercel News

Vercel Open Source Program: Winter 2026 cohort How Notion Workers run untrusted code at scale with Vercel Sandbox How we run Vercel's CDN in front of Discourse From idea to secure checkout in minutes with Stripe Building Slack agents can be easy Scaling redirects to infinity on Vercel Advancing Python typing Gamma builds design-first agents with Vercel How Avalara turns pipe dreams into patent-pending with v0 Keeping community human while scaling with agents How OpenEvidence built a healthcare AI that physicians actually trust Security boundaries in agentic architectures Skills Night: 69,000+ ways agents are getting smarter Video Generation with AI Gateway We Ralph Wiggumed WebStreams to make them 10x faster How Stably ships AI testing agents in hours, not weeks How we built AEO tracking for coding agents Anyone can build agents, but it takes a platform to run them Introducing Geist Pixel The Vercel AI Accelerator is back with $6m in credits Making agent-friendly pages with content negotiation The Vercel OSS Bug Bounty program is now available Introducing the new v0 Run untrusted code with Vercel Sandbox, now generally available How Stripe built a game-changing app in a single flight with v0 How Sensay went from zero to product in six weeks AGENTS.md outperforms skills in our agent evals Agent skills explained: An FAQ Testing if "bash is all you need" AWS databases are now live on the Vercel Marketplace and v0 Use Perplexity Web Search with Vercel AI Gateway Introducing: React Best Practices Nick Bogaty joins Vercel as Chief Revenue Officer How Mux shipped durable video workflows with their @mux/ai SDK How to build agents with filesystems and bash How we made v0 an effective coding agent Stopping the slow death of internal tools Building AI-Generated Pixel Trading Cards with Vercel AI Gateway We removed 80% of our agent’s tools AI SDK 6 Our $1 million hacker challenge for React2Shell Cline now runs on Vercel AI Gateway How to prompt v0 Build smarter workflows with Notion and v0 Vercel launches partner certification Inside Workflow DevKit: How framework integrations work React2Shell Security Bulletin | Vercel Knowledge Base Billions of requests: Black Friday-Cyber Monday 2025 Investing in the Python ecosystem AWS Databases coming to the Vercel Marketplace How we built the v0 iOS app Workflow Builder: Build your own workflow automation platform Vercel Open Source Program: Fall 2025 cohort Self-driving infrastructure Vercel collaborates with Google for Gemini 3 Pro Preview launch Vercel: The anti-vendor-lock-in cloud How Nous Research used BotID to block automated abuse at scale How AI Gateway runs on Fluid compute What we learned building agents at Vercel Build and deploy data applications on Snowflake with v0 BotID Deep Analysis catches a sophisticated bot network in real-time Vercel achieves TISAX AL2 compliance to serve automotive partners Bun runtime on Vercel Functions David Totten Joins Vercel to Lead Global Field Engineering Vercel Ship AI 2025 recap You can just ship agents AI agents and services on the Vercel Marketplace Built-in durability: Introducing Workflow Development Kit Zero-config backends on Vercel AI Cloud Introducing Vercel Agent: Your new Vercel teammate Update regarding Vercel service disruption on October 20, 2025 Agents at work, a partnership with Salesforce and Slack Running Next.js in ChatGPT: How to Build ChatGPT Apps Talha Tariq joins Vercel as CTO of Security Just another (Black) Friday Server rendering benchmarks: Fluid Compute and Cloudflare Workers Towards the AI Cloud: Our Series F Collaborating with Anthropic on Claude Sonnet 4.5 to power intelligent coding agents Preventing the stampede: Request collapsing in the Vercel CDN BotID uncovers hidden SEO poisoning How we made global routing faster with Bloom filters What you need to know about vibe coding Scale to one: How Fluid solves cold starts Addressing security & quality issues with MCP tools - Vercel AI agents at scale: Rox’s Vercel-powered revenue operating system Agentic Infrastructure Zero Data Retention on AI Gateway Optimizing Vercel Sandbox snapshots How Waldium made a blog platform work for humans and AI alike How FLORA shipped a creative agent on Vercel's AI stack Agent responsibly Making Turborepo 96% faster with agents, sandboxes, and humans Unified reporting for all AI Gateway usage new.website joins forces with v0 SERHANT.'s playbook for rapid AI iteration Two startups at global scale without DevOps Chat SDK brings agents to your users 360 billion tokens, 3 million customers, 6 engineers Meet the 2026 Vercel AI Accelerator Cohort Build knowledge agents without embeddings
Vercel's Bot Protection stops malicious bots in a single click - Vercel – Vercel
2025-04-23 · via Vercel News

4 min read

The Vercel Web Application Firewall (WAF) inspects billions of requests every day to block application-layer threats, such as cross-site scripting, traversal, and application DDoS attacks. While we already inspect and block malicious bot traffic, we wanted to provide better, more precise controls to fine tune your application security.

Today, we're launching the Bot Protection managed ruleset, free for all users on all plans. With a single click, you can protect your application from bot attacks.

Enable Bot Filter Today

Bot Filter protects applications from bot attacks with a single click.

Enable Now

Link to headingCountering the threat of bad bots

Automation plays a key role in how the internet works. While some bots serve useful functions, like crawling and indexing, it’s estimated that nearly one-third of internet traffic is malicious bot activity. They’ve become some of the biggest security threats facing developers, security teams, and end-users today.

To counter automation at this scale, there’s no one-sized fits all approach. Teams need a variety of tools and mitigation techniques to stop bad bots.

Link to headingEvolving our bot protections

Vercel provides bot mitigation as part of our secure by default platform.

  • Our platform-wide DDoS mitigations block traffic from botnets behind DDoS traffic, HTTP floods, and malformed requests

  • Firewall templates let users deploy rules targeting known bad actors, from open source blocklists to common AI scrapers

  • Attack Challenge mode can be used to challenge requests during highly-sophisticated or targeted attacks

However, as automated attacks become more advanced, teams require more targeted protections that are always on and always adapting.

Link to headingIntroducing Bot Protection

The Bot Protection managed ruleset gives you the ability to stop unwanted bot traffic, while allowing business-critical bots through. This new security layer goes beyond our platform protections to give you greater control over the type of traffic accessing you applications.

Link to headingHow Bot Protection works

The Bot Protection ruleset takes a proactive approach using a heuristics-based detection. It quickly distinguishes between browser-based traffic (human) or non-browser based (likely bot) traffic with zero configuration needed. When enabled:

  • Requests from real browsers and verified bots are allowed through, including internal sources like project cron jobs and API calls from your functions. We publish additional information about verified bots on bots.fyi.

  • Requests from non-browser clients, like curl or unwanted scrapers, can be issued a challenge

Bot Protection ties directly into the WAF. As a managed ruleset, we maintain the list of verified bots to ensure authenticity and reduce maintenance overhead.

Link to headingWhen to use Bot Protection

Use Bot Protection to restrict access to your sites to human users and Vercel-verified bots. It’s ideal for legitimate services like AI and SEO bots, or when you expect mostly human traffic. Bot Protection continuously challenges non-browser traffic, improving app performance and optimizing resource usage for real customers.

We recommend you enable Bot Protection in Log-Only Mode first to gain visibility into your app's traffic and bot sources by showing what requests would be challenged. For legitimate automated traffic not covered by verified bots list, you can use custom WAF rules with the bypass action to ensure that this traffic reaches your app.

Bot Protection is not designed to defend against sophisticated bots that mimic human and browser behavior. Should you want to issue a challenge to all traffic to block automation entirely, use Attack Challenge Mode instead.

Link to headingWhat’s next for bot management

Link to headingPublic Beta Feedback

During this public beta period, we’ve set up a thread on the Vercel Community where you can share your feedback, feature requests, and experiences with Bot Protection.

Link to headingLooking ahead

Bot management plays a key role in strengthening our secure by default platform. AI agents and other automated tools are only increasing, and the rising volume of sophisticated bot traffic will change the way developers build, operate, and secure apps.

Our planned bot management updates for the Vercel Firewall focus on specific attack types and better end-user experiences. Additional features include deeper observability into bot traffic, more granular control over verified and AI bots, Bot Protection SDK, and runtime bot protection capabilities. Enterprise users looking for more granular control will also get access to underlying detection signals as configurable inputs in the Firewall for more advanced control over automated traffic.

Link to headingEnable Bot Protection today

You can enable the Bot Protection from your Firewall's Configure dashboard.

Learn about security that scales with you

The Vercel Firewall delivers multi-layer protection against application-layer attacks, DDoS threats, and bots. Visit our security page to sign up for a demo or add firewall rules today

Learn more

If you're just getting started with Vercel Firewall, or don't yet have a clear picture of your app's traffic patterns, start in Log-Only Mode so you can refine your allowlist before switching to active enforcement.

If you are a SaaS provider and want to add your bot to our verified bots list, you can reach out to us at https://bots.fyi/.

Learn more in the changelog or read the documentation.

Edit: During the beta period, we renamed the Bot Filter managed ruleset to Bot Protection