What does 'Bot management' do?

'Bot management' is a group of three different features that enables you to effectively block out unwanted/malicious bot access to your domain:

  • Security level
  • Challenge passage
  • Challenge mode

This is a very simple, yet effective way of blocking attacks. You can find it under 'Enhanced security' > 'DDoS protection' and scroll down to the 'Application layer' section. 

Look for 'Bot management' and you'll see a switch with three options. Simply toggle the switch and configure the security settings according to your requirement.

Security level

This gives you the ability to set the sensitivity of the challenge trigger. 

The system will track the IP and token for each request for a minute, and then check if the request from the same IP exceeds the 'IP request threshold'. If true, the system will check if the request from the same token exceeds the 'Token request threshold'. If both are true, the challenge will be triggered.

Here are the definitions for the available options:

IP request threshold Token request threshold
Under attack
0 0
0 10
500 30
1,000 30
Essentially off 2,000 30

Challenge passage

Set the timer for the next challenge if the same user/client requests again. For example, if the timer is set to 5 minutes, the challenge will trigger again 5 minutes later after he/she completed it.

Challenge mode

You can select the challenge type based on the situation you're dealing with.

  • Browser-based (standard): a challenge page that will only stop the request for 5 seconds, and will redirect the user back to the domain
  • Browser-based (no delay): this will trigger a javascript to check whether if the request was sent by a bot - this challenge mode is seamless for most real users
  • Human-based: a page that requires users to go through captcha validation