What does 'Bot management' do?

Bot management is a feature that enables you to effectively manage unwanted/malicious bot access to your domain.

You can find this security feature by navigating to ‘ Origin Shield’ > 'Bot management', and then look for the 'Bot management' box.

Toggle the switch to turn on/off this security feature. You can also change settings based on your security requirement.

There are 3 settings that you can control:

  • Security level
  • Challenge passage
  • Challenge mode

Security level

This gives you the ability to set the sensitivity of the security to trigger the challenge. 

The system will track the IP and token for each request for a minute, and then check if the request from the same IP exceeds the 'IP request threshold'. If true, the system will check if the request from the same token exceeds the 'Token request threshold'. If both conditions are true, the challenge will be triggered.

Here are the definitions for the available options:

Security level IP request threshold Token request threshold
Under attack 0 0
High 0 10
Medium 100 60
Low 2000 60
Essentially off 3000 60

Challenge passage

Set the timer for the next challenge if the same user/client requests again. For example, if the challenge passage is set to 5 minutes, the checking of security thresholds will be triggered again 5 minutes after the same user completed the last challenge.

Challenge mode

You can select the challenge mode based on the situation you're dealing with.

  • Browser-based (no delay): will initiate a JS challenge, which will trace whether the request was sent by a bot or not, before performing the request.
  • Browser-based (standard): will initiate a JS challenge, which will redirect the request to a timer page set for 5 seconds, before performing the request.
  • Human-based: will initiate a CAPTCHA challenge, which redirects the request to a test page where users have to take the “I am not a robot” test, before performing the request.