Worth raising with Optimizely/DXP support as well - in some DXP tiers you can request that the .episerver.net hostname simply not respond publicly, or enforce canonical hostname validation at the CDN/load balancer layer before it even reaches the app. That would be the cleanest fix and removes the burden from the application entirely.
That said, we can also write a middleware to redirect that traffic based on whether the host header matches the .episerver.net pattern, while passing through anything that looks like an internal or legitimate platform request - we just need to be careful to properly exempt warmup and health check endpoints so we don't break those flows.
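A sketch of the middleware described above, as an added example that is not part of the original post or of Optimizely's own code. The canonical hostname and the exempt paths are placeholders (assumptions) to be replaced with the site's primary domain and the warmup/health-check URLs the environment actually uses.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;

// Register early in the pipeline, before routing and CMS middleware:
//   app.UseMiddleware<PlatformHostRedirectMiddleware>();
public sealed class PlatformHostRedirectMiddleware
{
    // Placeholder values (assumptions, not taken from the thread).
    private const string CanonicalHost = "www.example.com";
    private const string PlatformSuffix = ".episerver.net";
    private static readonly PathString[] ExemptPaths =
    {
        new PathString("/health-check-placeholder"),
        new PathString("/warmup-placeholder"),
    };

    private readonly RequestDelegate _next;

    public PlatformHostRedirectMiddleware(RequestDelegate next) => _next = next;

    public Task InvokeAsync(HttpContext context)
    {
        var request = context.Request;

        // HostString.Host excludes the port, so "x.episerver.net:443" still matches.
        bool isPlatformHost = request.Host.Host.EndsWith(
            PlatformSuffix, StringComparison.OrdinalIgnoreCase);

        // Segment-aware match: "/warmup-placeholder/x" is exempt,
        // "/warmup-placeholder-other" is not.
        bool isExempt = ExemptPaths.Any(p => request.Path.StartsWithSegments(p));

        // Any other host (custom domains, internal addresses) passes through untouched.
        if (!isPlatformHost || isExempt)
            return _next(context);

        // Send the client to the same URL on the primary name, where the
        // CDN rules apply. The target host is a constant, never request input.
        string target = UriHelper.BuildAbsolute(
            "https", new HostString(CanonicalHost),
            request.PathBase, request.Path, request.QueryString);

        context.Response.Redirect(target, permanent: true);
        return Task.CompletedTask;
    }
}
```

Before enabling it in production, log the host and path of requests that would be redirected for a while, so any platform probe that arrives on the .episerver.net name can be added to the exempt list first.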
Bots have found the *prod.dxcloud.episerver.net domain name and are crawling the site using that name, which bypasses the custom CF rules in place to challenge bots.
Is there some way we could steer that traffic away? How have you gotten it done?
I recall warmup or health check might get into issues if we are too strict in the app and redirecting traffic to the primary name.