Amazonbot is finally respecting robots.txt

Amazonbot is finally respecting robots.txt(xeiaso.net)

171 points by xena 4 days ago | 50 comments

I just put Anubis in front of my self-hosted forge this morning because AmazonBot had helped itself to 750 GiB (!) of traffic to my public repos this month!

At least, it claimed to be AmazonBot…

Bender 3 days ago | |

Are they in this space? [1] One could map the ranges into a web daemon and rate limit them or just 'ip route add blackhole ${cidr}' each cidr block.

[1] - https://ip-ranges.amazonaws.com/ip-ranges.json

rnhmjoj 3 days ago | | |

I just do this for the IP ranges of Amazon, OpenAI, Huawei and other companies that run these insane crawlers: it's 100% effective and it doesn't annoy real users with a captcha or some PoW thing. There's simply no reason for them to reach my homeserver other than to scrape the hell out of it.

phdelightful 3 days ago | | |

I didn't check thoroughly, but the first one I happened to grep out was not on that list:

"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36"

"x-forwarded-for":"44.210.204.255" "x-real-ip":"44.210.204.255"

This is a bit outside my area of expertise, so I don't know how reliable these x-forwarded-for and x-real-ip are.

Symbiote 3 days ago | | |

That's all of Amazon AWS, not just Amazon's AI system.

lofaszvanitt 3 days ago | | |

That list is a tad bit too long. Why don't they enforce a rule on these big corps to publicly state which range does what.

faangguyindia 3 days ago | |

In my logs it appears like this:

BOT","cluster_name":"EU","cluster_region":"EU","connection_type":"corporate","country":"US","device_type":"ROBOT","duration_ms":0.391,"duration_us":391,"filter":"","ip":"52.1.106.130","isp":"Amazon.com, Inc.","level":"info","msg":"Request evaluated","org":"Amazon.com, Inc.","os":"","ref":"","region":"Virginia","result":false,"time":"2026-05-15T13:33:20Z","ua":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36","why":"bot"}

3.227.180.70

23.21.175.228

23.23.137.202

from all these IPs.

userbinator 3 days ago | |

At least, it claimed to be AmazonBot

It's good that you mentioned this; smear campaigns are definitely not a new thing, and I suspect a lot of this DDoS'ing that's going on is a plot to accelerate towards Big Tech's authoritarian dystopia. Basically extortion.

faangguyindia 3 days ago | |

i see the bots with user agent claude bot, using AWS IPs.

I've also seen Google bots with AWS IP ranges. You gotta look at their ASN/ISP/ORG

nathanmills 3 days ago | |

Do you have a robots.txt?

xena 3 days ago | | |

> We are writing to inform you that starting Monday, June 15, 2026, crawl preferences for Amazonbot will be managed solely through the industry-standard directives.

They will in the future, but not today.

jacobn 3 days ago |

I just complained to them the other day! They were scraping our weather website to no end, very much including the disallowed path prefixes.

Did end up just adding them to our WAF blocklist, which is weirdly ironic - hosting on their infra & using their services to block their AI scraper...

BLKNSLVR 3 days ago | |

I hope you leave it on the WAF. If they're only just deciding to respect robots.txt, which has been internet infrastructure forever, then it's probably still incredibly amateur software with 'Amazon-priorities' rather than 'responsible internet traffic' priorities.

tardedmeme 3 days ago | | |

The responsible internet is dead. Every big actor on the internet is selfish now that there's money involved. And has been for 20 years.

Google only respected it because blocking Google from crawling your site used to hurt you more than it hurt Google.

adrianvi 3 days ago | |

step 1: create the problem, step 2: sell the solution, step 3: profit

bstsb 3 days ago |

> Get Outlook for Mac

this bit made me laugh. was the email drafted in Outlook? was it sent to some sort of forwarding mailbox, or did they just BCC every customer in?

jdiff 3 days ago | |

> Looking at the email headers it has a bunch of Exchange-specific headers so it's probably actually from Outlook for Mac.

My guess would be some sort of internal forwarding mailing list, yeah.

hkchad 2 days ago | |

They can't get out of SES sandbox /s

captn3m0 3 days ago |

Good place to ask, saw a new AWS User agent in logs today: Amazon-Quick-on-Behalf-of-$HEXID

I found a mention on some user agent trackers but no official documentation. Anyone knows if it’s documented? Asking because I am seeing decent traffic (30GB/week) from this.

embedding-shape 3 days ago | |

Came across this recently too, seems to be from "Amazon Quick" where crawling other's websites is basically a feature of the product: https://docs.aws.amazon.com/quick/latest/userguide/web-crawl...

> Crawling behavior [...] Crawler identification: Identifies itself with user-agent string "aws-quick-on-behalf-of-<UUID>" in request headers.

Maybe people found a way of using it as a loophole for something or Amazon Quick is just picking up in usage, and your website is popular amongst whoever uses that sort of stuff.

iLoveOncall 3 days ago | |

Amazon Quick is the new name of Quicksight, which is the BI tool from AWS.

It has AI agents included so I guess this can just come from it searching the web based on user requests.

TurdF3rguson 3 days ago |

Why does Amazonbot even exist, can someone explain? I don't understand why an ecommerce play would be crawling other websites.

input_sh 3 days ago | |

To train AI. Not even a hyperbole, that is the only concrete example they list in their explanation: https://developer.amazon.com/amazonbot

> Amazonbot is used to improve our products and services. This helps us provide more accurate information to customers and may be used to train Amazon AI models.

tardedmeme 3 days ago | | |

It would be more fun to respond with false data.

tintor 3 days ago | |

To ensure Amazon marketplace sellers aren't offering lower prices on other ecommerce websites. Also AI.

b112 3 days ago | | |

I was wondering about this. And it makes me think this is all mistruth, unless they plan to drop this pricing tactic.

They've been getting some heat on it lately, but I find it hard to believe they're going to give up entirely? And if so, what's to stop someone from just flouting their rules on pricing, and then doing the robots.txt thing to prevent issues?

embedding-shape 3 days ago | |

Amazonbot is specifically the user agent they use for crawling for "provide more accurate information to customers" (whatever that means, could be anything it sounds like) and also when they scrape for data used in AI training, according to https://developer.amazon.com/amazonbot

reaperducer 3 days ago | |

AI. Gotta slurp the world.

The_President 2 days ago |

I identify bots by known address range. Logs are full of Google Bot scanning for resources and endpoints that don't exist. Further, it is using proxy scanners from other geolocations, to identify potential resource availability by region. These proxied scans hit the same non-existant endpoint from a dozen nodes within 2 seconds of the initial request.

TrackerFF 3 days ago |

Is it just me, or is it extra unethical and self-serving when crawlers from say Amazon(Bot) decides to incessantly crawl AWS hosted websites? Same goes for Google and Microsoft crawlers crawling GC and Azure.

By that, I mean the types of crawls that can hog up significant usage.

arjie 3 days ago |

Huh, I get a lot of traffic from Amazonbot (relative to humans) and try as I might, it would get stuck in a tarpit of no creation because it would sit there and keep blasting every variation of my recent pages because Mediawiki lists many links. I have them appropriately nofollow and warning the bot not to waste its time with robots.txt but it just goes and sticks itself on nonsense internal pages.

The traffic isn't a problem. I've got Cloudflare in front and the machine itself is relatively overpowered, and downtime isn't critical. But I'd just like the thing to be able to spider me properly. Someone did point out to me that maybe I wasn't receiving actual Amazonbot but some other spider: https://news.ycombinator.com/item?id=46352723

rho138 3 days ago |

If it respected the standard then a lack of a robits.txt implies do not crawl, which they openly state they ignore

namegulf 3 days ago |

Robots.txt is lame BTW, there is no way to enforce it. It is up to the bot to decide to crawl or not and most cases they don't care.

Cloudflare had a nice technic to address the bot problem (if you use their name servers). It'll respect and use the robots.txt while sending the remaining bots to a deep black hole.

input_sh 3 days ago | |

Yes, we know, its purpose is to guide the bots, not forcibly block them.

That said, one of the biggest websites in the world not respecting it is definitely a noteworthy story. Hopefully another one of the biggest websites in the world (formerly known as Twitter) eventually respects it as well instead of not even disclosing itself via a user agent and pretending to be Safari running on iOS.

namegulf 3 days ago | | |

Why down vote a comment?

You're talking about one (yes, biggest) but millions of other bots don't follow must be a bigger story.

marginalia_nu 3 days ago | |

Robots.txt is great if you're trying to run an above board operation. Much easier than trying to guess how a webmaster wishes the crawler to behave, and then getting angry emails when you guess wrong.

tardedmeme 3 days ago | | |

It's not great. It used to be very common that robots.txt would Disallow *, Allow GoogleBot which just entrenches the search engine monopoly. In response to this other search engines just used the rules for GoogleBot instead of the rules for their own crawlers.

llbbdd 3 days ago | |

Yeah, robots.txt is a great herald example of the type of solution invented by people who don't understand incentives whatsoever.

Ferret7446 3 days ago | | |

robots.txt is a great herald example of people misunderstanding and misusing a tool. The file was designed to help crawlers, by pointing them to the most valuable to index content and help them avoid wasting resources on useless pages.

The people trying to use it to block or limit bots are uninformed and/or misinformed.

vindin 3 days ago |

robots.txt is merely a gentleman’s courtesy at this point. Nobody is obligated to follow it.

c-hendricks 3 days ago | |

always_has_been.jpg

faangguyindia 3 days ago |

if you run Meta Ads, it's notorious for ddosing your website with bots. Basically, their ad manager sends dozens of click for each variant of ad you post.

lofaszvanitt 3 days ago | |

to exhaust your purse or why?