
Bot Mitigation

Mitigate automated threats based on IP address reputation.


Last updated 7 months ago


Transparent Edge Bot Mitigation is, at its core, a curated IP address reputation database, updated in real time, that protects customer websites from malicious synthetic traffic.

A bot is a software application that runs automated tasks against online services. There are good bots and bad bots.

  • Good bots are usually web scrapers for the search engines (googlebot, bingbot, ...) and respect robots.txt.

  • Bad bots crawl the web with malicious intent: looking for vulnerabilities to exploit, automating denial-of-service attacks, sabotaging websites ...

Detecting a simple bot can be trivial, but advanced bots use an ordinary web engine to scrape, follow links at random intervals, use the mouse... they become almost human.

| Bot Type | Description |
| --- | --- |
| Simple | Connects from a single IP address and uses automated scripts that do not try to impersonate a browser. |
| Moderate | Uses a headless browser that can even execute JavaScript. |
| Advanced | Simulates mouse movements and clicks, mimicking human behaviour. Uses browser automation technologies. Used by botnets. |
| Evasive | Same as advanced, but leverages VPNs, proxies and other spoofing methodologies to hide. |

Bot Mitigation Settings

If you have acquired the Bot Mitigation service, you'll be able to access its settings, where you can customize the threat detection level per site.

The screenshot below shows a small part of the available options:

[Screenshot: A demo of the available settings]

How to enable Bot Mitigation

After you've registered a site at the Bot Mitigation settings panel, you can activate an action if a bot is detected according to the established settings.

There are four available actions:

  • block

  • captcha

  • jschallenge

  • bypass

Block

For example, if you want to protect your site www.example.com and you've checked to detect IP addresses categorized as abusive and with a minimum risk score of 60, the following VCL code will block the IP addresses that match those settings:

sub vcl_recv {
    # Enable bot mitigation action
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "block";
    }
}

Of course, the condition can be anything you like. Perhaps you only want to protect some paths of your website:

sub vcl_recv {
    # Enable bot mitigation action
    if (req.http.host == "www.example.com") {
        if (req.url ~ "^/admin") {
            # Only for /admin*
            set req.http.TCDN-BM-Action = "block";
        }
    }
}

JavaScript challenge

Instead of blocking the request directly, you can protect your site with a JavaScript challenge that will filter out most of the bots and automated requests to your site.

sub vcl_recv {
    # Enable bot mitigation action
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "jschallenge";
    }
}

Captcha

You can also force a captcha for the detected IP addresses. Users that successfully complete the captcha will be able to enter your website, and the risk of their IP address will decrease over time.

sub vcl_recv {
    # Enable bot mitigation action
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "captcha";
    }
}

Bypass

Lastly, maybe you only want the statistics that the detection engine provides automatically, without blocking anything. In that case you can use the bypass option.

sub vcl_recv {
    # Enable bot mitigation action
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "bypass";
    }
}
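
The four actions above combined into a single per-path policy for one site, as an added example that is not part of Transparent Edge's documentation. The /login and /api/ paths are hypothetical, and clearing any client-supplied TCDN-BM-Action header first is a precaution assumed here, since the page does not say how the platform treats a header that arrives with the request.

```vcl
sub vcl_recv {
    # Assumption: discard any TCDN-BM-Action value sent by the client,
    # so that only this configuration decides the action.
    unset req.http.TCDN-BM-Action;

    if (req.http.host == "www.example.com") {
        if (req.url ~ "^/admin") {
            # Administrative area: refuse flagged IP addresses outright.
            set req.http.TCDN-BM-Action = "block";
        } elsif (req.url ~ "^/login") {
            # Hypothetical login path: a person behind a flagged
            # IP address can still get in by solving the captcha.
            set req.http.TCDN-BM-Action = "captcha";
        } elsif (req.url ~ "^/api/") {
            # Hypothetical API path: non-browser clients cannot answer
            # a challenge, so only collect detection statistics here.
            set req.http.TCDN-BM-Action = "bypass";
        } else {
            # Everything else: filter automated clients that do not
            # run JavaScript.
            set req.http.TCDN-BM-Action = "jschallenge";
        }
    }
}
```

Because the conditions are evaluated in order, the most restrictive paths come first and the final branch acts as the site-wide default.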

Enhance the detection

Our database is very effective and evolves in real time, but there is a faster and complementary way to perform bot detection: using our soft fingerprinting script.

It is a small JavaScript file that you can include in your website. The script runs a test using the JavaScript engine of the user that connects to your website. The test is very fast and checks characteristics of the JS engine, for example the precision of floating-point numbers, and sends a small report to our API for deep analysis.

You can also define a more tailored reaction by using the call botm assessment.

You can find the script in our within the Bot Mitigation settings in our dashboard.
