边缘安全
  • 概述
  • DDoS 防护
    • DDoS 防护概述
    • 使用独立 DDoS 防护
    • 配置独立 DDoS 防护策略
      • 调整 DDoS 防护等级
      • 独立 DDoS 攻击流量告警
      • 配置 IP 黑白名单
      • 配置区域封禁
      • 配置端口过滤
      • 配置特征过滤
      • 配置协议封禁
      • 配置连接类攻击防护
      • 相关参考
        • 处置方式
        • 相关概念介绍
  • Web 防护
    • 概述
    • 配置Web防护策略
    • 托管规则
    • CC 攻击防护
    • 带宽滥用防护
    • 自定义规则
    • 自定义速率限制规则
    • 防护例外规则
    • 托管定制规则
    • Web 安全监控告警
    • 相关参考
      • Web 防护请求处理顺序
      • 处置方式
      • 匹配条件
  • Bot 管理
    • 概述
    • Bot 智能分析
    • Bot 基础特征管理
    • 客户端画像分析
    • 主动特征识别
    • 自定义 Bot 规则
    • Bot 管理例外规则
    • 相关参考
      • 处置方式
  • 策略模板
  • IP 和网段分组
  • 源站防护
  • 自定义响应页面
  • 告警通知推送
  • SSL/TLS
    • 概述
    • 部署/更新 SSL 托管证书至 EdgeOne 域名
    • 使用免费证书部署至 EdgeOne 域名
    • 双向认证
    • HTTPS 配置
      • 强制 HTTPS 访问
      • 启用 HSTS
      • SSL/TLS 安全配置
        • 配置 SSL/TLS 安全等级
        • TLS 版本及密码套件说明
      • 开启 OCSP 装订
    • 引用
      • 使用OpenSSL生成自签名证书
      • 证书格式要求
    • 使用无密钥证书
当前内容仅提供英语版本,中文版我们将尽快补充,感谢您的理解。

处置方式

The bot management module provides multiple action methods. The processing rules for different action methods are as follows:
Action
Purpose
Action description
Subsequent action
Block
Used to block request access to the site (including Cache or non-Cache content).
Responded with an intercept page and intercept status code.
No longer match other Rules.
Allow
Used to skip the remaining rules of the current Security module.
In the current module, the remaining rules no longer match the request.
Continue to match other Effective rules.
Observe
Used for evaluating or Canary security policy.
Only records log, does not take action.
Continue to match other rules.
JavaScript challenge
Used to identify Clients that do not support JavaScript Note 1, commonly found in DDoS attack sources, scanning tools, etc.
Responded with a redirect (HTTP 302) page, the page carries JavaScript code to verify the browser behavior of the Client, and only visitors who pass the verification can continue to access.
Requests that pass the challenge continue to match other rules.
Managed challenge
Used for bot confrontation, first perform JavaScript challenge verification, and then perform CAPTCHA human-machine verification for requests that pass the verification.
First, perform a JavaScript challenge; for Clients that pass the verification, respond with a redirect (HTTP 302) page, carry a CAPTCHA verification, and the user completes the verification through interactive operation. Only visitors who pass both verifications can continue to access.
Requests that pass the challenge continue to match other rules.
Drop w/o response
Belongs to a more intense bot confrontation mechanism, limiting bot concurrent ability by consuming bot network connections.
Maintain TCP connections, but no longer respond to any HTTP Data.
No longer match other management strategies.
Add short latency
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 1-5 seconds before responding.
No longer match other management strategies.
Add long latency
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 8-10 seconds before responding.
No longer match other management strategies.
Note:

Note 1:
Browser Clients that support JavaScript can normally pass the JavaScript challenge verification, while Clients that do not support JavaScript (such as cURL) cannot pass the verification.

Note 2:
Generally speaking, when bot operators detect that their bots are being restricted by bot management policies, they may adjust the characteristics of their bots to bypass bot policies, thereby increasing the difficulty of bot identification. Therefore, long-term operational bot confrontation mechanisms usually have obfuscation features, that is, it is difficult for bot operators to intuitively judge whether their bots are restricted by bot management policies. Confrontation mechanisms with obfuscation features can reduce the cost and difficulty of bot operators without increasing the difficulty of bot identification.

Supports multiple action methods for random execution

Random execution of multiple action methods can help your bot management strategy achieve higher obfuscation intensity, making it more difficult for bot operators to detect. Custom bot rules support the use of multiple action methods to handle requests, and you can configure multiple action methods and their corresponding weights. When the rule matches the request, one of the action methods will be randomly selected for processing based on the weight configuration.
Note:
This capability is only available for configuration within custom bot rules.