Reference: Bot mitigation settings

WAF can proactively defend your applications against automated attacks by bots. The bot defense method prevents layer 7 DoS attacks, web scraping, and brute force attacks from starting. You can fine-tune the mitigation settings of which bots to enforce, allow, alert or ignore.

For more information about Bot Protection, see Overview: Bot Protection For more information about managing settings for bot protection, see Bot Protection

Bot mitigation

The following describe types of bots that your WAF policy can protect against:

Malicious bot

Malicious clients that are detected using bot signatures, browser verification tests, and anomaly detection heuristics. These bots can include DoS tools, exploit tools, and vulnerability scanners.

Default setting: Alarm & Block

Suspicious browser

Browser clients that failed specific browser verification tests.

Default setting: Alarm

Untrusted bot

Clients that are detected with signatures for non-malicious tools and bots, such as crawlers, site monitors, and HTTP libraries.

Default setting: Alarm

Trusted bot

Clients that are detected and verified with search engine signatures.

Default setting: Detect

Browser

Browser clients that successfully passed browser verification tests.

Default setting: Detect

Unknown

Clients that were not classified by any other class. Typically, these are non-browser clients that cannot be identified using known bot signatures.

Default setting: Alarm

Mitigation options

Ignore - All bot signatures and anomalies of this mitigation class are disabled and are not checked.

Detect- Bot detection is preformed and logged, but the request is not flagged with an alarm or blocked.

Alarm - Bot detection is performed, and flagged with an alert, but the request is not blocked.

Alarm & Block - Bot detection is performed, flagged with an alert and the request is blocked.