Skip to content

Let our analyzer reach your site

If your audit failed because a firewall or bot protection blocked our scanner, here's how to let it through – without lowering your security.

Guide

When you run an audit, our scanner fetches your pages the same way a browser or a search engine would. Some sites sit behind a firewall or bot-protection service (Cloudflare, Akamai, AWS WAF, Imperva, Sucuri, PerimeterX, …). If that layer decides our request looks like an unwanted bot, it blocks it before your site ever sees it — and the audit comes back as "the site's firewall blocked our scanner."

This is not a problem with your site's content. It just means the protection layer hasn't been told our scanner is welcome. Here's how to fix it.

What our scanner is

  • We only ever read public pages — no logins, no form submissions, no destructive requests.
  • We do not disguise ourselves to evade protection (no fake browser tricks, no IP rotation, no CAPTCHA solving). If you block us, we stop — we don't try to sneak around it.
  • Our scanner identifies itself with the User-Agent token WR-AuditBot (full string: WR-AuditBot/0.1 (+https://webmaster-ramos.com/contact)).

How a scan reaches your site

Every audit makes its first request as WR-AuditBot — the honest bot identity above — so that if you've allowlisted us by User-Agent, we come straight through. If that first request is blocked, we automatically retry once with an ordinary browser User-Agent, because a bare bot UA is more likely to be auto-challenged by aggressive protection than a normal browser.

That fallback means many audits succeed even without any setup on your side. But allowlisting WR-AuditBot is still the better path:

  • It's deliberate — you decide to let us in, and you can see exactly who we are, instead of relying on a fallback that a stricter WAF may also block.
  • It's stable — no dependence on a browser-UA heuristic that protection vendors tune against over time.
  • It keeps the rest of your bot protection fully on for everyone else.

If both the bot request and the browser-UA retry are blocked, the audit reports "the site's firewall blocked our scanner" — that's when the steps below apply.

Option 1 — Allow our User-Agent (recommended)

Add an allow rule for the WR-AuditBot User-Agent so your protection layer lets it through instead of challenging it.

Cloudflare

  1. Go to Security → WAF → Custom rules (or Tools → User Agent Blocking).
  2. Create a rule: If User Agent contains WR-AuditBot then Skip / Allow (skip Bot Fight Mode, Managed Challenge, and rate limiting).
  3. If you use Bot Fight Mode or Super Bot Fight Mode, add the same User-Agent as an exception, or briefly disable it for the audit.

AWS WAF / Akamai / Imperva / others

  • Add a rule that allows requests whose User-Agent header contains WR-AuditBot, evaluated before your bot / rate-limit rules.

Option 2 — Temporarily relax bot protection for the audit

If you can't add a UA rule, lower the protection just long enough to run one audit, then turn it back up:

  • Cloudflare: set the zone to Essentially Off / No Security (or pause Bot Fight Mode) for a few minutes, run the audit, then restore your setting.
  • Other WAFs: switch the relevant policy to count / monitor mode for the audit window instead of block.

Option 3 — Ask us

Still stuck? Contact us and we'll work out the right allow rule for your setup, or coordinate a scan window with you.

After you've added the rule, come back to your dashboard and run the audit again — it should now complete normally.