What does 'Bot management' do?

'Bot management' is a feature that enables you to effectively manage unwanted/malicious bot access to your domain.

You can find it under 'CDN' > 'Enhanced security' > 'DDoS protection'; scroll down to the 'Application layer' box.

Look for the 'Bot management' section and you will see a switch. Simply toggle the switch on, and configure the settings according to your requirements.

There are 3 settings that you can control:

  • Security level
  • Challenge passage
  • Challenge mode

Security level

This sets how sensitive the security check is, that is, how readily the challenge is triggered.

The system tracks the IP and token of each request for a minute, then checks whether the number of requests from the same IP exceeds the 'IP request threshold'. If it does, the system checks whether the number of requests from the same token exceeds the 'Token request threshold'. If both conditions are true, the challenge is triggered.

Here are the definitions for the available options:

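| Security level  | IP request threshold | Token request threshold |
|-----------------|----------------------|-------------------------|
| Under attack    | 0                    | 0                       |
| High            | 0                    | 10                      |
| Medium          | 100                  | 60                      |
| Low             | 2000                 | 60                      |
| Essentially off | 3000                 | 60                      |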

Challenge passage

Sets the timer for the next challenge when the same user/client makes requests again. For example, if the challenge passage is set to 5 minutes, the security thresholds are checked again 5 minutes after the user completed the last challenge.
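The following sketch models the decision described in the 'Security level' and 'Challenge passage' sections above. It is an added example, not the product's own code. Assumptions: a sliding 60-second window, "exceeds" read as strictly greater than, the challenge passage keyed on the token, and hypothetical names (BotCheck, simulate) with constructed sample traffic.

```python
from collections import defaultdict, deque

# Thresholds copied from the table above: (IP request threshold, token request threshold)
LEVELS = {
    "Under attack": (0, 0),
    "High": (0, 10),
    "Medium": (100, 60),
    "Low": (2000, 60),
    "Essentially off": (3000, 60),
}
WINDOW = 60  # seconds; the page says requests are tracked "for a minute"


class BotCheck:  # hypothetical name, for illustration only
    def __init__(self, level, passage_seconds):
        self.ip_limit, self.token_limit = LEVELS[level]
        self.passage = passage_seconds
        self.by_ip = defaultdict(deque)     # ip -> request timestamps
        self.by_token = defaultdict(deque)  # token -> request timestamps
        self.passed_at = {}                 # token -> time the last challenge was completed

    def _count(self, q, now):
        q.append(now)
        while q and q[0] <= now - WINDOW:   # drop entries older than the window
            q.popleft()
        return len(q)

    def should_challenge(self, ip, token, now):
        ip_count = self._count(self.by_ip[ip], now)
        token_count = self._count(self.by_token[token], now)
        passed = self.passed_at.get(token)
        if passed is not None and now - passed < self.passage:
            return False                    # still inside the challenge passage
        # Both conditions must hold (assumption: "exceeds" means strictly greater).
        return ip_count > self.ip_limit and token_count > self.token_limit

    def challenge_completed(self, token, now):
        self.passed_at[token] = now


def simulate(level, n_requests, passage_seconds=300):
    """Constructed traffic: one client, one request every 0.1 s.
    Returns the number of the first challenged request, or None."""
    check = BotCheck(level, passage_seconds)
    for i in range(n_requests):
        if check.should_challenge("203.0.113.7", "tok-a", i * 0.1):
            return i + 1
    return None
```

With this model, 'Under attack' challenges the first request, 'High' the 11th and 'Medium' the 101st from a single client, while 200 requests at 'Low' never trigger a challenge.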

Challenge mode

You can select the challenge type based on the situation you're dealing with.

  • Browser-based (no delay): will initiate a JS challenge, which will trace whether the request was sent by a bot or not, before performing the request.
  • Browser-based (standard): will initiate a JS challenge, which will redirect the request to a timer page set for 5 seconds, before performing the request.
  • Human-based: will initiate a CAPTCHA challenge, which redirects the request to a test page where users have to take the “I am not a robot” test, before performing the request.