请选择
Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

Action

The bot management module provides multiple action methods. The processing rules for different action methods are as follows:
Action
Purpose
Action description
Subsequent action
Block
Used to block request access to the site (including Cache or non-Cache content).
Responded with an intercept page and intercept status code.
No longer match other Rules.
Allow
Used to skip the remaining rules of the current Security module.
In the current module, the remaining rules no longer match the request.
Continue to match other Effective rules.
Observe
Used for evaluating or Canary security policy.
Only records log, does not take action.
Continue to match other rules.
JavaScript challenge
Used to identify Clients that do not support JavaScript Note 1, commonly found in DDoS attack sources, scanning tools, etc.
Responded with a redirect (HTTP 302) page, the page carries JavaScript code to verify the browser behavior of the Client, and only visitors who pass the verification can continue to access.
Requests that pass the challenge continue to match other rules.
Managed challenge
Used for bot confrontation, first perform JavaScript challenge verification, and then perform CAPTCHA human-machine verification for requests that pass the verification.
First, perform a JavaScript challenge; for Clients that pass the verification, respond with a redirect (HTTP 302) page, carry a CAPTCHA verification, and the user completes the verification through interactive operation. Only visitors who pass both verifications can continue to access.
Requests that pass the challenge continue to match other rules.
Drop w/o response
Belongs to a more intense bot confrontation mechanism, limiting bot concurrent ability by consuming bot network connections.
Maintain TCP connections, but no longer respond to any HTTP Data.
No longer match other management strategies.
Add short latency
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 1-5 seconds before responding.
No longer match other management strategies.
Add long latency
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 8-10 seconds before responding.
No longer match other management strategies.
Note:

Note 1:
Browser Clients that support JavaScript can normally pass the JavaScript challenge verification, while Clients that do not support JavaScript (such as cURL) cannot pass the verification.

Note 2:
Generally speaking, when bot operators detect that their bots are being restricted by bot management policies, they may adjust the characteristics of their bots to bypass bot policies, thereby increasing the difficulty of bot identification. Therefore, long-term operational bot confrontation mechanisms usually have obfuscation features, that is, it is difficult for bot operators to intuitively judge whether their bots are restricted by bot management policies. Confrontation mechanisms with obfuscation features can reduce the cost and difficulty of bot operators without increasing the difficulty of bot identification.

Supports multiple action methods for random execution

Random execution of multiple action methods can help your bot management strategy achieve higher obfuscation intensity, making it more difficult for bot operators to detect. Custom bot rules support the use of multiple action methods to handle requests, and you can configure multiple action methods and their corresponding weights. When the rule matches the request, one of the action methods will be randomly selected for processing based on the weight configuration.
Note:
This capability is only available for configuration within custom bot rules.