Pro plan: P1 bot traffic passing WAF challenges at scale

Current behavior

  • I’m seeing a bot/scraper/DDoS-style spike that ramps up fast.
  • In Vercel Firewall analytics, this traffic shows a high “challenge solved” rate and a large increase in Allowed requests.
  • If I set a rule to Deny the JA4 digest, it blocks legit users (it blocked me too), so I can’t leave it as Deny.
  • If I switch the JA4 rule to Challenge, it does not reduce the volume in a meaningful way.

Fingerprint involved:

  • JA4 digest: t13d1516h2_8daaf6152771_d8a2da3f94cd
  • UA often seen (spoofable and tends to rotate):
    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36

Expected behavior

  • A challenge should materially reduce automated request volume or fail more often under automation.
  • I need a mitigation that works even when:
    • IPs rotate (residential/proxy style)
    • paths are highly variable
  • I also need guidance that avoids blocking legit traffic.

Code, configuration, and steps to reproduce

Vercel Firewall configuration

Plan: Pro
No Cloudflare in front. Traffic hits Vercel directly.

Managed protections:

  • AI Bots Managed Ruleset: Enabled

Custom rules (in order):

  1. Rule: Match JA4 digest
  • Condition: JA4 Digest == t13d1516h2_8daaf6152771_d8a2da3f94cd
  • Action tried:
    • Deny → blocks legitimate traffic (unacceptable)
    • Challenge → attacker still passes at high rate (like 20-50%, however attacker behavior is clearly automated)
  2. Attack Mode
  • Enabled during active spike (temporary, does not work)
  • Result: traffic still shows high “challenge solved” and Allowed requests remain high

Steps

  1. Observe traffic spike in firewall / observability.
  2. Create rule matching JA4 digest above.
  3. Set action to Challenge.
  4. (Optional) Enable Attack Mode during the spike.
  5. Observe that:
  • challenge solve rate stays high
  • Allowed request volume stays high
  6. Switch the rule to Deny and confirm it blocks legit users (so it’s not viable).
    Obviously you can’t follow these if you’re not attacked, but I include them anyway.

Evidence / data (include what you can)

Time window (ET): 12/18-12/19/25

Screenshots attached. Comical. Note that I enabled bot protection after I took this screenshot. It had no effect.

Support case reference:

  • Vercel support case: 889321 - My case has only gotten one canned response from a support agent who didn’t read it and didn’t put any effort into responding.

Questions

  1. Is Vercel seeing an abnormal “challenge solved” rate for this JA4 digest?
  2. Is there a stronger mitigation when an actor can solve challenges at scale?
  3. What rate limiting approach works best here (key choice + safe starting thresholds) given rotating IPs and variable paths?
  4. Are there behavior/fingerprint controls beyond User-Agent that Vercel recommends?
  5. Can Vercel apply any managed blocks server-side for this pattern? This is a really sophisticated and expensive attack because it chews up resources.

Hi there, I see that there’s an ongoing support thread about this and our Support team experts are sharing solutions there. To avoid miscommunication or duplicates I’ll defer to them.

They closed my ticket and did not resolve the issue, then issued me a refund. It would be nice if someone from the Vercel team could actually address this.
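
An added example, not part of the thread and not Vercel code: decoding the JA4 digest quoted in the original post according to the public JA4 layout shows that it encodes only TLS ClientHello properties (transport, TLS version, SNI, cipher and extension counts, ALPN, two truncated hashes), so every client using the same TLS stack produces the same value, which is consistent with the Deny rule also catching legitimate visitors. The helper names and the sample requests (documentation-range IPs, placeholder UAs) are constructed for illustration.

```python
import re

# JA4 TLS client fingerprint layout: a_b_c (section a is human-readable).
JA4_RE = re.compile(
    r"^(?P<proto>[tqd])(?P<ver>[0-9a-z]{2})(?P<sni>[di])"
    r"(?P<ciphers>\d{2})(?P<exts>\d{2})(?P<alpn>[0-9a-z]{2})"
    r"_(?P<cipher_hash>[0-9a-f]{12})_(?P<ext_hash>[0-9a-f]{12})$"
)
PROTO = {"t": "TCP", "q": "QUIC", "d": "DTLS"}
VERSION = {"13": "TLS 1.3", "12": "TLS 1.2", "11": "TLS 1.1", "10": "TLS 1.0"}

def parse_ja4(digest):
    """Split a JA4 digest into its fields; raise ValueError if malformed."""
    m = JA4_RE.match(digest.strip().lower())
    if m is None:
        raise ValueError(f"not a JA4 TLS fingerprint: {digest!r}")
    f = m.groupdict()
    return {
        "transport": PROTO[f["proto"]],
        "tls_version": VERSION.get(f["ver"], f["ver"]),
        "sni_present": f["sni"] == "d",          # 'd' = SNI is a domain name
        "cipher_count": int(f["ciphers"]),
        "extension_count": int(f["exts"]),
        "alpn": f["alpn"],                       # first+last char of first ALPN
        "cipher_hash": f["cipher_hash"],         # truncated hash of cipher list
        "ext_hash": f["ext_hash"],               # truncated hash of extensions
    }

def clients_per_ja4(requests):
    """Count distinct (ip, user_agent) pairs seen behind each JA4 value."""
    seen = {}
    for r in requests:
        seen.setdefault(r["ja4"], set()).add((r["ip"], r["ua"]))
    return {ja4: len(pairs) for ja4, pairs in seen.items()}

DIGEST = "t13d1516h2_8daaf6152771_d8a2da3f94cd"  # value quoted in the post

# Constructed sample requests: same JA4, different senders.
SAMPLE = [
    {"ja4": DIGEST, "ip": "203.0.113.7", "ua": "ua-a"},
    {"ja4": DIGEST, "ip": "198.51.100.20", "ua": "ua-b"},
    {"ja4": DIGEST, "ip": "203.0.113.7", "ua": "ua-a"},
]

if __name__ == "__main__":
    print(parse_ja4(DIGEST))
    print(clients_per_ja4(SAMPLE))
```

None of the decoded fields carries an IP address, User-Agent, or request path, so a rule matching this digest selects a class of TLS client rather than one sender.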