How #CloudFlare detects #AWS Lambda request

In the constant cat and mouse game between bots and site owners, there are the “guardians”, such as DataDome, CloudFlare, Akamai, and various other WAF systems to try and keep the bots at bay.

Many “bots” are implemented as AWS Lambda functions, and when suitably routed via a proxy, with realistic looking headers, then they are hard to detect by CloudFlare. However, a http-header that is injected into outbound HTTP requests by AWS has become an indicator to CloudFlare that the request is coming from AWS Lambda, and not a user’s browser.

Here, the header being “x-amzn-trace-id” which is used by AWS X-Ray, is hard to disable, and is a give-away to CloudFlare indicating some likely bot action. If it is removed, then the trap resets, and the mouse gets away again!

Leave a Reply

Your email address will not be published.