What does 'Bot management' do?
'Bot management' is a group of three different features that enables you to effectively block out unwanted/malicious bot access to your domain:
- Security level
- Challenge passage
- Challenge mode
This is a very simple, yet effective way of blocking attacks. You can find it under 'Enhanced security' > 'DDoS protection' and scroll down to the 'Application layer' section.
Look for 'Bot management' and you'll see a switch with three options. Simply toggle the switch and configure the security settings according to your requirement.
This gives you the ability to set the sensitivity of the challenge trigger.
The system will track the IP and token for each request for a minute, and then check if the request from the same IP exceeds the 'IP request threshold'. If true, the system will check if the request from the same token exceeds the 'Token request threshold'. If both are true, the challenge will be triggered.
Here are the definitions for the available options:
||IP request threshold||Token request threshold|
| Under attack
Set the timer for the next challenge if the same user/client requests again. For example, if the timer is set to 5 minutes, the challenge will trigger again 5 minutes later after he/she completed it.
You can select the challenge type based on the situation you're dealing with.
- Browser-based (standard): a challenge page that will only stop the request for 5 seconds, and will redirect the user back to the domain
- Human-based: a page that requires users to go through captcha validation