Advanced Bot

User can specify advanced bot settings on this page for Listener

Overview

Bot Protection helps you quickly determine, manage, and mitigate automated requests. You can configure Advance bot settings in order to ensure advanced bot protection.

How to Use:

1. Go to WAF > Listeners > Advanced Settings > Bot Settings

2. Configure your settings

3. Click Save

PARAMETERS

ACCEPTED VALUES

DEFAULT

Token Request URI

String

/__verify/token/

Token Rotation Duration

Integer

Token Error Margin Duration

Integer

Token Name

String

X-Bot-Token

Allow Rooted Devices

Boolean

Bot Token Location

Drop-down

HEADER

Token Encryption Key

Drop-down

Blank

CSRF Cookie Expiry

Integer

CSRF Token Validity

Integer

Captcha Failed Threshold

Integer

Captcha Unanswered Threshold

Integer

Tarpit Delay

Integer

Tarpit Duration

Integer

300

Fingerprint Expiry

Integer

86400

Description

Token Request URI

Users can specify the URI for requesting a token. By default, it is /__verify/token/.

Token Rotation Duration

Users can specify the duration after which the token should be rotated. By default, it is 86400 seconds.

Token Error Margin Duration

Users can specify the duration for error margin for validating token. By default, it is 60 seconds.

Token Name

Users can specify the name of the token to be validated. By default, it is X-Bot-Token.

Allow Rooted Devices

Users can specifyenable it to allow rooted devices.

Bot Token Location

Users can specifythe location where the token is expected. By default, it is HEADER.

Token Encryption Key

Users can specify the encryption key which will be used for token validation. By default, it is blank. To generate, click on Generate button and To download, click on the Download button.

Users can specify the expiry time of the CSRF cookie in seconds. Set 0 to disable CSRF. This value is dependent on the profile CSRF setting that should be enabled to perform mitigation.

CSRF Token Validity

Users can specify the grace time period in seconds for which CSRF token will be allowed.

Captcha Failed Threshold

Users can specify the captcha failed threshold count.

Captcha Unanswered Threshold

Users can specify the captcha unanswered threshold.

Tarpit Delay

Users can specify the trapit delay.

Tarpit Duration

Users can specify the trapit duration.

Note : Tarpit delay and tarpit duration are two different values. for example, user has created a rule of rate limiting of 5mbps and resultant it'll tarpit the end user IP for the tarpit delay of 5 seconds and tarpit duration is set to 10 minutes. it means the end user IP will be get a tarpit delay for 5 seconds for next 10 minutes. After the time end user's IP will be free from tarpit delay and will start getting normal reponse from WAF device.

Fingerprint Expiry

Specify the duration after which fingerprinting will be re-evaluated. By default, it is 86400 seconds.

These settings can be used for Advance Bot protection.

PreviousVariables NextRule Staging

Last updated 3 years ago

Was this helpful?