
Custom Bot Rule

Overview

When you need fine-grained policies for specific bot behaviors or features on top of existing Bot management policies, custom bot rules provide flexible matching conditions (such as client IP, header information, request method, static feature recognition, and client reputation analysis results). These conditions can be combined with disposal strategies that randomly select actions by weight, helping you build precise policies to manage the risks that bot access brings to the site.
Note:
Custom bot rules support configuring multiple actions that are selected randomly by weight. For example, you can configure 25% of requests as observation, 25% of requests as interception, 25% of requests as release, and 25% of requests as Managed Challenge. This approach makes it harder for bot tools to judge how effective they are, and it also helps reduce risk during the Canary testing phase.

Scenario 1: Use silent processing to reduce risk when bot requests to sensitive API interfaces surge

Example Scenario

During Web security analysis, a sudden surge of requests to the login interface is found. A review of the abnormal clients shows that the requests mainly come from multiple proxy clients in the 222.22.22.0/24 IP segment, which try to log in to accounts using various types of clients. To urgently mitigate business risk and consume the malicious tools' resources, silent processing can be applied to requests from these sources (the client TCP connection is maintained, but HTTP requests are no longer answered).

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target site to enter the site details page.
2. On the site details page, click security protection > Bot management to enter the Bot management details page.
3. In the custom bot rule card, click set to enter the configuration page.
4. Click Add Rule, and for the example scenario, you can follow the steps below to configure:
4.1 After filling in the rule name, add a matching condition: the client IP matches the 222.22.22.0/24 IP segment and the User-Agent contains cURL.
4.2 In the perform action section, select Silent processing as the action. The configured rule is shown below.

5. Click OK to complete the rule configuration and deliver the rule.

Scenario 2: Combine multiple disposal methods in the Bot management policy for the login page to reduce the risk of account theft (ATO: Account Takeover)

Example Scenario

To control the risk of account theft and prevent accounts from being stolen through batch logins, the business needs to apply human-machine verification to login page access while keeping the user experience as good as possible. Clients rated with a higher confidence level of account takeover risk (including brute force and other account theft methods) can be controlled as follows: a certain proportion of their login page requests are subject to human-machine verification, while the remaining requests are subject to a short wait. This ensures that a tool attempting batch logins triggers a human-machine challenge after a certain number of attempts, and the short waits prevent high-frequency attempts.

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target site to enter the site details page.
2. On the site details page, click security protection > Bot management to enter the Bot management details page.
3. In the custom bot rule card, click set to enter the configuration page.
4. Click Add Rule, and for the example scenario, you can follow the steps below to configure:
4.1 After filling in the rule name, add the matching condition that the request client reputation equals account takeover IP risk - higher confidence level.
4.2 In the perform action section, first select Managed Challenge as the action, then click Add Action and add the action of Add short latency. Set the weight of Managed Challenge to 20% and the weight of Add short latency to 80%. The configured rule is shown below.

5. Click confirm to complete the rule configuration and deliver the rule.
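
The effect of the 20% / 80% weights in Scenario 2 can be estimated before rollout. The following is an added example, not EdgeOne code or part of the original page; it assumes each matching request draws its action independently in proportion to the configured weight, and all function names are hypothetical.

```python
"""Model of weighted action selection (added illustration, not EdgeOne code)."""
import math
import random

# Weights taken from Scenario 2 on this page.
SCENARIO_2 = {"Managed Challenge": 20, "Add short latency": 80}


def pick_action(weights, rng):
    """Pick one action for a single matching request, in proportion to its weight.
    Assumption: requests are handled independently of each other."""
    actions = list(weights)
    return rng.choices(actions, weights=[weights[a] for a in actions], k=1)[0]


def p_hit_within(weights, action, attempts):
    """Probability that `action` fires at least once in `attempts` matching requests."""
    p = weights[action] / sum(weights.values())
    return 1 - (1 - p) ** attempts


def attempts_for_confidence(weights, action, confidence):
    """Smallest request count after which `action` has fired with probability >= confidence."""
    p = weights[action] / sum(weights.values())
    return math.ceil(math.log(1 - confidence) / math.log(1 - p))


def mean_requests_to_first(weights, action, rng, runs=10_000):
    """Simulated average number of requests a client sends up to its first `action`."""
    total = 0
    for _ in range(runs):
        n = 1
        while pick_action(weights, rng) != action:
            n += 1
        total += n
    return total / runs


if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the run is repeatable
    mc = "Managed Challenge"
    print("P(challenge within 10 requests):", round(p_hit_within(SCENARIO_2, mc, 10), 3))
    print("requests until 99% likely challenged:", attempts_for_confidence(SCENARIO_2, mc, 0.99))
    print("simulated mean requests to first challenge:", mean_requests_to_first(SCENARIO_2, mc, rng))
```

Raising the Managed Challenge weight shortens the run of requests a batch tool can send before being challenged, at the cost of challenging more requests from matching clients.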