Best Practices

How to Block AI Bots Without Breaking Real Users

Aggressive bot blocking causes false positives that hurt real users. Here is how to use confidence scoring and challenge flows to block AI bots precisely.

9 min read · January 28, 2025 · By Shlumi Team

The False Positive Problem

The biggest challenge in bot detection is not detecting bots — it is avoiding false positives. A false positive occurs when your detection system incorrectly classifies a real human user as a bot and blocks or challenges them. This is a serious problem: false positives directly harm user experience, increase bounce rate, and reduce conversion.

Common causes of false positives include:

  • Privacy browsers (Brave, Firefox with strict ETP) that block certain APIs
  • VPN users whose IP addresses are flagged as datacenter IPs
  • Corporate networks with unusual proxy configurations
  • Accessibility tools that modify browser behavior
  • Browser extensions that alter fingerprinting signals

The Confidence Score Approach

The solution to the false positive problem is confidence scoring — rather than making a binary bot/human decision, assign each session a probability score from 0 to 100. This allows you to apply different enforcement actions based on how confident you are that a session is automated:

  • Score 0–30 (Clean): Allow without restriction
  • Score 31–60 (Suspicious): Apply soft restrictions (rate limiting, logging)
  • Score 61–85 (Likely bot): Present a challenge (CAPTCHA, Turnstile)
  • Score 86–100 (Definite bot): Block immediately

This graduated approach means that a Brave browser user who triggers one soft signal (missing plugins) gets a score of 15 and passes through freely — while a Claude computer use session that triggers 8 signals gets a score of 94 and is blocked.

Definitive vs. Soft Signals

Not all signals are equal. Shlumi's scoring engine distinguishes between two types:

Definitive Signals (high weight)

These signals are essentially impossible to trigger in a real browser without automation:

  • navigator.webdriver === true (+60 points)
  • Playwright globals present (window.__playwright) (+50 points)
  • Selenium WebDriver artifacts (+50 points)
  • Known CDP command artifacts (+45 points)

A single definitive signal is sufficient for a high-confidence bot verdict.

Soft Signals (low weight)

These signals are suspicious but can occur in legitimate browsers:

  • Missing browser plugins (+15 points)
  • Unusual viewport dimensions (+10 points)
  • Datacenter IP address (+20 points)
  • No mouse movement in first 5 seconds (+15 points)

Soft signals require clustering — three or more soft signals together indicate automation with reasonable confidence.

The Challenge Flow

For sessions in the suspicious and likely-bot ranges (score 31–85), the best approach is a challenge flow rather than an outright block. A challenge flow presents the user with a verification step — typically a CAPTCHA or Cloudflare Turnstile — that humans can pass but bots cannot.

The challenge flow works as follows:

  1. Shlumi detects a suspicious session and returns action: challenge
  2. The detection script redirects to your /challenge page
  3. The challenge page presents a Turnstile widget
  4. On successful completion, a verification cookie is set and the user is redirected back to their original URL
  5. Subsequent requests from this session bypass the challenge

This approach ensures that legitimate users with unusual browser configurations are never permanently blocked — they simply complete a one-time verification.
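The scoring bands, signal weights and challenge bypass described in the two sections above, as an added illustrative example (not Shlumi's engine). The soft-signal clustering bonus, the floor applied when a definitive signal fires, and the challenge_passed cookie name are assumptions made for this demo; a real deployment must verify that cookie server-side (signed, session-bound, expiring) rather than trusting its presence.

```javascript
// Illustrative scorer for the weights and thresholds in the article.
// Added example, not Shlumi's engine; clustering bonus, definitive
// floor and cookie name are assumptions for this demo.
const DEFINITIVE = {
  webdriver: 60,          // navigator.webdriver === true
  playwrightGlobals: 50,  // window.__playwright present
  seleniumArtifacts: 50,
  cdpArtifacts: 45,       // known CDP command artifacts
};
const SOFT = {
  missingPlugins: 15,
  unusualViewport: 10,
  datacenterIp: 20,
  noMouseMovement: 15,    // no movement in the first 5 seconds
};
const SOFT_CLUSTER_MIN = 3;    // "three or more soft signals together"
const SOFT_CLUSTER_BONUS = 20; // assumed weight for a soft-signal cluster
const DEFINITIVE_FLOOR = 86;   // assumed: one definitive signal => bot verdict

function scoreSession(signals) {
  let score = 0, softCount = 0, definitive = false;
  for (const name of signals) {
    if (name in DEFINITIVE) { score += DEFINITIVE[name]; definitive = true; }
    else if (name in SOFT) { score += SOFT[name]; softCount += 1; }
    else throw new Error(`unknown signal: ${name}`);
  }
  if (softCount >= SOFT_CLUSTER_MIN) score += SOFT_CLUSTER_BONUS;
  if (definitive) score = Math.max(score, DEFINITIVE_FLOOR);
  return Math.min(100, score);
}

function actionForScore(score) {
  if (score <= 30) return "allow";          // clean
  if (score <= 60) return "soft_restrict";  // rate limiting, logging
  if (score <= 85) return "challenge";      // CAPTCHA / Turnstile
  return "block";                           // definite bot
}

// A session that already passed the challenge (verification cookie set)
// bypasses it on later requests; a block verdict is never bypassed.
function decideRequest(signals, cookies) {
  const action = actionForScore(scoreSession(signals));
  if (action === "challenge" && cookies.challenge_passed === "1") return "allow";
  return action;
}
```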

IP-Based Access Rules

A complementary approach to signal-based detection is IP-based access rules. AI agent infrastructure typically runs in cloud datacenters — AWS, GCP, Azure, and similar providers. Blocking or challenging traffic from known datacenter IP ranges can significantly reduce AI agent access without affecting real users (who almost never browse from datacenter IPs).

Shlumi's access rules support:

  • Block or challenge specific IP addresses or CIDR ranges
  • Block or challenge traffic from specific countries
  • Block or challenge traffic from known datacenter ASNs
  • Whitelist specific IPs (e.g., your own monitoring tools)
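The rule kinds listed above, evaluated with whitelist precedence, as an added example (not Shlumi's implementation). It handles IPv4 only; the rule object shape, the request fields country and asn (expected to come from a geo/ASN lookup), and the sample rules with documentation-range addresses and a reserved ASN are assumptions.

```javascript
// Illustrative access-rule evaluator for CIDR, country and ASN rules.
// Added example, not Shlumi's code; IPv4 only, rule shape assumed.
function ipv4ToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// Matches a single address ("203.0.113.7") or a range ("203.0.113.0/24").
function cidrMatch(cidr, ip) {
  const [base, bitsStr] = cidr.split("/");
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) throw new Error(`bad prefix: ${cidr}`);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(base) & mask) >>> 0) === ((ipv4ToInt(ip) & mask) >>> 0);
}

// rule: { match: "cidr" | "country" | "asn", value, action: "allow" | "block" | "challenge" }
// request: { ip, country, asn }  (country and asn from a lookup; assumed fields)
function evaluateAccessRules(rules, request) {
  const hits = rules.filter((rule) => {
    switch (rule.match) {
      case "cidr": return cidrMatch(rule.value, request.ip);
      case "country": return rule.value === request.country;
      case "asn": return rule.value === request.asn;
      default: throw new Error(`unknown rule type: ${rule.match}`);
    }
  });
  // Whitelist entries (e.g. your own monitoring tools) take precedence,
  // then block, then challenge; no match falls through to signal scoring.
  if (hits.some((r) => r.action === "allow")) return "allow";
  if (hits.some((r) => r.action === "block")) return "block";
  if (hits.some((r) => r.action === "challenge")) return "challenge";
  return "allow";
}

// Constructed sample rules (documentation IP ranges, reserved ASN).
const SAMPLE_RULES = [
  { match: "cidr", value: "198.51.100.0/24", action: "block" },
  { match: "cidr", value: "198.51.100.42", action: "allow" },   // monitoring host
  { match: "asn", value: "AS64496", action: "challenge" },       // datacenter ASN
  { match: "country", value: "ZZ", action: "challenge" },
];
```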

Monitoring and Tuning

Bot detection is not a set-and-forget solution. The threat landscape evolves as AI agents become more sophisticated. Best practices for ongoing management:

  • Review your false positive rate weekly — aim for less than 0.1% of real user sessions challenged
  • Monitor the signal breakdown in your analytics dashboard to identify which signals are firing most
  • Adjust score thresholds based on your traffic mix (B2B SaaS can afford higher thresholds than consumer apps)
  • Use webhook alerts to get notified of sudden spikes in bot traffic

Conclusion

Blocking AI bots without harming real users requires a nuanced, confidence-based approach. Binary block/allow decisions lead to either too many false positives (blocking real users) or too many false negatives (letting bots through). Shlumi's graduated scoring system, challenge flows, and configurable access rules give you the precision to block AI agents confidently while keeping your legitimate users happy.
