Block DDoS Attacks and Bot Traffic in Magento 2
Magefan Bot Blocker for Magento prevents bot traffic from abusing your store at the request level, using automatic rate limiting, advanced access control lists, and IP or geo-based blocking. It filters out spam and any potential threats before they impact your store performance or overload your server resources.
Protect Magento from DDoS Attacks
Reduce server load and speed up response time for real users by blocking bots and DDoS attacks. Magento 2 Bot Blocker prevents abusive traffic using:
- - Automatic rate limiting per IP - block any IP that exceeds the request threshold automatically, or serve reCaptcha to let real users through while stopping bots.
- - Configurable monitoring window – set your own time limit window to match your server capacity.
- - Subnet blocking (/24) – block the entire /24 IP range automatically if the attack comes from multiple IPs within the same subnet.
Blacklist and Whitelist IPs in Magento
Magento 2 Bot Blocker allows you to blacklist or whitelist IP addresses directly from Magento admin panel with support for CIDR notation.
- - Allowed IPs – Whitelist IP addresses in Magento or IP ranges that should never be blocked by a security layer, such as a trusted partner or an offline network.
- - Blocked IPs – Block specific IPs or CIDR subnets permanently to prevent spam and overload.
Block User Agents with Access Lists
Block web scrapers, block crawlers, spider bots and any other user agents with the Magento 2 Bot Blocker.
Use regex, regular expressions, or exact strings to whitelist Googlebot, Bingbot and other trusted user agents to protect your SEO.
Stop curl scripts, scrapers, Python bots and other automated tools from accessing and spamming your store.
Block Traffic from Specific Countries
Minimise exposure to automated bots and attacks from high-risk regions with Geo IP blocking. No CDN or server rules required.
Block entire countries from accessing your store directly in the admin to reduce threats and preserve server resources.
Magento 2 Bot Blocker automatically detects visitors’ location based on IP and applies blocking rules instantly.
Restrict Bots Access with Magento 2 Bot Blocker
Except for preventing certain IP addresses and entire countries from accessing your store, Magefan Spam Blocker allows you to restrict bot access for certain bots only. It helps you limit spam search queries, block malicious requests and restrict access to certain pages.
Restrict Bot Access to Specific URLs
Magento 2 Bot Blocker uses URL matching rules to return a 410 Gone response for bots on specified pages to prevent unnecessary URL generation and crawl budget waste.
Define bot user agents you want to apply URL restrictions to and URL patterns for pages to block.
Keep important pages like products and categories fully accessible to search engines and protect your server from bot-generated load.
Block Malicious Requests and Scanners
Prevent automated vulnerability scanners from exploring exposed files or injection opportunities in your system. Use Magento 2 Bot Blocker to detect and block these malicious request patterns:
- - Banned URL patterns – detect and block requests targeting sensitive files and paths, including .git, .env, .htaccess, and other common targets.
- - Banned body patterns – block malicious POST and PUT request payloads containing code injection attempts, including shell_exec(), eval(), exec(), payloads, XSS script injections, phpinfo probes, and XDEBUG_SESSION exploits.
Filter Keywords and Blocked Search Spam in Magento
Magento 2 Bot Blocker prevents bots from crawling your search and generating thousands of unique search URLs.
Prevent SEO spam through search, reduce crawl waste, and improve website analytics by blocking Magento search spam.
Add a list of search queries that should be blocked and prevent bots from generating search results pages with those queries.
Verify Visitors and Monitor Blocked Bots in Magento
Magefan Bot Blocker adds a CAPTCHA challenge layer to verify real users, sends attack notifications via email, and provides extensive admin reports so you always know what is being blocked and why.
Add CAPTCHA Challenge to Magento
Protect Magento from bots without blocking real users. Add a verification challenge for suspected bots only based on CPU usage and server load.
- - Google reCAPTCHA v2 — show a standard CAPTCHA challenge to suspicious bots before allowing them access to your store.
- - Cloudflare Turnstile — use Cloudflare privacy-friendly bot verification as an alternative to Google reCAPTCHA in Magento.
- - Wholesite CAPTCHA — enable a verification challenge across an entire store to block automated traffic at the entry point.
- - Verification page – configure layout, messaging, branding of the challenge page that visitors see when verification is required.
Get Notified About Attacks and Suspicious Traffic
Magento 2 Bot Blockers keep you informed about every attack. Don’t check your blocked traffic reports in the admin constantly. Receive email notifications directly to your email:
- - DDoS alerts – get notified whenever the total request limit is exceeded.
- - Auto reCAPTCHA notifications – receive emails about reCAPTCHA being enabled automatically when an IP exceeds the request limit.
- - Bad requests blocked – receive a summary when new bad requests are blocked.
Monitor Bot Traffic with Reports and Logs
See detailed reports about the bot and spam traffic blocked by the Magento 2 Bot Blocker.
Understand what is hitting your store and how often, which IPs overload your server the most, what paths are being requested the most and where the attacks are coming from.
Get structured logs about IPs, blocked bad requests, and temporarily and permanently blocked IPs.
Filter through IPs and user agents to block, allow or view more details directly in reports.



