Reference: Bot mitigation settings¶
WAF can proactively defend your applications against automated attacks by bots. The bot defense method prevents layer 7 DoS attacks, web scraping, and brute force attacks from starting. You can fine-tune the mitigation settings of which bots to enforce, allow, alert or ignore.
For more information about Bot Protection, see Overview: Bot Protection For more information about managing settings for bot protection, see Bot Protection
Bot mitigation¶
The following describe types of bots that your WAF policy can protect against:
Malicious bot¶
Malicious clients that are detected using bot signatures, browser verification tests, and anomaly detection heuristics. These bots can include DoS tools, exploit tools, and vulnerability scanners.
Default setting: Alarm & Block
Suspicious browser¶
Browser clients that failed specific browser verification tests.
Default setting: Alarm
Untrusted bot¶
Clients that are detected with signatures for non-malicious tools and bots, such as crawlers, site monitors, and HTTP libraries.
Default setting: Alarm
Trusted bot¶
Clients that are detected and verified with search engine signatures.
Default setting: Detect
Browser¶
Browser clients that successfully passed browser verification tests.
Default setting: Detect
Unknown¶
Clients that were not classified by any other class. Typically, these are non-browser clients that cannot be identified using known bot signatures.
Default setting: Alarm
Mitigation options¶
Ignore - All bot signatures and anomalies of this mitigation class are disabled and are not checked.
Detect- Bot detection is preformed and logged, but the request is not flagged with an alarm or blocked.
Alarm - Bot detection is performed, and flagged with an alert, but the request is not blocked.
Alarm & Block - Bot detection is performed, flagged with an alert and the request is blocked.