Table of Contents

Custom Bot Configuration

Rama Sadhu Updated by Rama Sadhu

AppTrana WAAP's BOT Protection module blocks or allows requests based on the BOT score of the request source IP. Get more insights on Bot Protection.

Here, the enhancement aims to add flexibility to the BOT module within AppTrana. It will empower the user to customize the custom rules based on the bot score assigned to the request source.

The new capabilities to bot actions are available in Self-Service Rules with newly added parameters and rule actions.

Follow the demo steps to access the custom rules under Self-service Rules:

AppTrana WAAP -> Settings-> “WAF" tab - > Custom Rule Categories-> Create Custom Rules

What’s New!

Request Parameter 

Bot score (Source)- Enables users to customize actions based on the bot score of incoming requests. Refer to the "Customize Application Behavior with Bot Score" walk-through for detailed information on bot scores.

Under Rule Action

Captcha

If the rule condition matches, generates a captcha. If the captcha is not solved, the user will continue to see captcha challenges until it is solved.

Drop

If the request and client meet the rule's conditions, the request isn't sent to the origin server, and the WAF doesn't respond. Each drop is logged and contributes to the anomaly-based scoring mechanism of the bot.

Crypto Challenge

If the request and client parameters match, a Crypto challenge is presented to the end-user. Like the captcha, the client must solve the crypto challenge to proceed.

 

This action adds load to the CPU, so it is implemented as a delay mechanism.

 

Increase

Bot

Score

If the request and client parameters match the conditions defined in the rule, the user is permitted to increase the bot score with a fixed rate – either drastic or marginal.

 

Use Cases for Bot Mitigation

Example 1

You notice that certain user registration requests show patterns indicative of bot activity, such as rapid submissions from the same IP address within a short time frame.

Select the Bot score under the request parameter to set up a custom rule based on the bot score.

Moderate Bot Activity

Condition-   Medium bot score range (61 to 80) for suspicious login attempts.

Action - Show CAPTCHA

Login attempts with medium bot scores indicate a moderate likelihood of bot traffic. By displaying a CAPTCHA, you can verify the authenticity of the user before granting access to the platform.

High Bot Activity

Condition: Bot scores indicate a high likelihood of bot traffic (above 90%).

Action: Drop the request or present a Crypto Challenge

With such a high bot score, the traffic is probably from bots. You can prevent potentially malicious activity on your site by dropping the request or presenting a Crypto Challenge.

These rule actions are not exclusively applicable to Bot score; they can also be utilized with other request parameters.

Example 2

You observe an unusually high volume of requests from the "/home" URL path, which doesn't align with typical user behavior or expected traffic patterns.

Condition: URL matches "/home."

Action: Drop the request.

Example 3

You notice that requests from a specific URL page display abnormal behavior, with a notably high bot score.

Condition: URL is "/api/data" and the bot score falls within the High range

Click Add more match to add more conditions

Action: Show Crypt Challenge

Example 4

You notice a surge in suspicious activity originating from requests to a specific URL on your website, indicating potential bot traffic. Follow these steps to set up this URL as bot-generated and take appropriate action:

Condition 1: URL matches "/api/data."

Condtion 2 : Add another match for HTTP methods as a request parameter.

Operate: Equal to "POST" (indicating non-GET requests).

Comparing Value: Options (for any available HTTP methods)

Action: Increase Bot Score.

Threshold: Marginal increase in score (+5).

You can also set up rules for a drastic increase in bot score (+10) for more severe cases of suspicious activity.

How did we do?

Configuring Custom Error and Maintenance Pages in AppTrana WAAP

Customize Application Behavior with Bot Score

Contact

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.