How to install Azion Bot Manager from Azion Marketplace

Azion Bot Manager is a serverless integration available at Azion Marketplace. It was built on top of an edge function on Edge Firewall that analyzes incoming requests and gives them a score based on a group of rules and behaviors. If the score is equal to or greater than the predetermined threshold, the integration executes the defined action. Otherwise, the request is processed (allow, as default action). Available actions for Bot Manager: allow, deny, drop, redirect, custom HTML, random delay, and hold the connection.

This integration enables the detection of suspicious traffic and bad bots, facilitating the implementation of preventive measures against malicious activities such as credential stuffing, vulnerability scanning, and site scraping. Bot Manager leverages machine learning and Reputation Intelligence to examine the behavior of incoming data.


To use Azion Bot Manager:

  1. Access Azion Console > Marketplace.
  2. On the Marketplace’s homepage, select the integration’s card.
  3. Once the integration’s page opens, click the Install button, at the bottom-right corner of the page.

A successful message appears to confirm your integration is installed.


To instantiate Azion Bot Manager, follow the steps:

  1. On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
  2. Click the + Rule Set button.
  3. Give an easy-to-remember name to your edge firewall.
  4. Select the domains you want to protect with the function.
  5. Enable the Edge Functions switch in the Modules section.
  6. Click the Next button.

Done. Now you’ve created your edge firewall for your function and it has access to Edge Functions.

While still on the Edge Firewall page:

  1. Select the Functions Instances tab.
  2. Click the + Add button.
  3. Give an easy-to-remember name to your instance.
  4. On the dropdown menu, select the Azion Bot Manager function.

The Arguments code box is where you’ll pass your variables.

{
"threshold": 10,
"action": "deny"
}

Even when threshold and action are mandatory variables to be defined, you can add and define more variables, according to your needs, as shown in the example below:

{
"threshold": 10,
"action": "deny",
"disabled_rules": [],
"log_tag": "my_custom_tag"
}

Where:

VariableTypeRequiredDescription
actionStringYesThe action to be taken by the function whenever the request’s score is greater or equals the defined threshold. Possible values: allow, deny, redirect, custom_html, drop, random_delay, and hold_connection. Read more about configuring actions
thresholdNumberYesThe maximum score that the request can reach before the function takes an action. If it has no value, the function won’t take action
disabled_rulesArray of numbersNoThe rules to be disabled. If a rule is disabled, it won’t be processed nor increment the request score
internal_logsStringNoThe Logging Class that the function will use. Possible values:
0: write logs if the request score is greater than 0.
1: only write logs if the request score is greater than 0, or if the request is classified as “Good Bot”.
2: always write logs.
3: never write logs.
Default value: 0. When this field has no value or has an invalid value, the function will use the default value
log_all_headersBooleanNoDefines whenever or not all the request headers should be sent in the function’s log. Note: the headers’ values are going to be stored with base64 encode
log_tagStringNoA tag to identify the function instance that generated the request in the logs. It’s recommended to use customized and unique tags
session_signature_keyStringNoThis string is used to sign, as encrypted data, the signed bot session cookie. This validation protects against cookie tampering. If this field has no value or an invalid value, the function will use the default value az
should_write_warning_logsBooleanNoDefines whether the function will write warning logs to Real-Time Events. Default value: false
  1. When you’re done, click the Next button.

To finish, you have to set up a Rules Engine to configure the behavior and the criteria to run the integration.

Still in the Edge Firewall page:

  1. Select the Rules Engine tab.
  2. Click the + Rules Engine button.
  3. Give an easy-to-remember name to the rule.
    • You can add a description, but it’s an optional step.
  4. Select a criteria to run and catch the domains that you want to run the integration on.
    • Use this rule: if Request URI does not match "\.(png|jpg|css|js|jpeg|gif|ico|ttf|svg|woff|woff2|ashx|asmx|svc|swf|otf|eot)(\?.*)?$"
      • This rule is strongly recommended to exclude all static data on your application to be processed by the function. You can customize this rule if needed.
  5. You have to create additional criteria for this integration to work: if Request URI does not match /.well-know/
    • This rule is highly recommended to create a list of allowed IPs that don’t impact automation or scripts to WEB API.
  6. Below, select Run Function behavior.
  7. Select the function according to the name you gave it in step 3.
  8. Click the Next button.

Done. You now have your domains protected against bot attacks by using Azion Bot Manager.


Azion Bot Manager can execute 7 different actions whenever the request’s score equals or exceeds the defined threshold. Read more about each one below:

  1. allow: allows the continuation of the request. To enable this action, you must declare it as follows:
"action": "allow"

This action doesn’t require any additional arguments.

If the score is less than the predetermined threshold, the request is processed, being allow the default action.

  1. deny: delivers a standard Status Code 403 response. To enable this action, you must declare it as follows:
"action": "deny"

This action doesn’t require any additional arguments.

  1. drop: terminates the request without a response to the user. To enable this action, you must declare it as follows:
"action": "drop"

This action doesn’t require any additional arguments.

  1. redirect: allows the request to be redirected to a new URL/location when the security threshold is reached. To enable this action, you must declare the variables as in the example:
"action": "redirect",
"redirect_to": "http://xxxxxxxxxx.map.azionedge.net/"

Where redirect_to: defines the new URL/location to redirect the requests. If this field isn’t filled or filled with a value that isn’t a string, the function will behave as if the allow action was enabled.

  1. custom_html: allows customized HTML content to be delivered to the user in case of a threshold violation. To enable this action, you must declare the variables as in the example:
"action": "custom_html",
"custom_html": "This should be the custom HTML content",
"custom_status_code": 418,

Where custom_html defines the HTML content to be delivered and custom_status_code is the status code to be delivered.

  • If custom_html isn’t filled or it’s filled with a value that isn’t a string, the function will behave as would happen with the allow action enabled.
  • If custom_status_code isn’t filled or it’s filled with a value that isn’t a number, the default value will be a Status Code 200.
  1. random_delay: makes the function wait for a random period between 1 and 10 seconds before allowing the request to proceed. To enable this action, you must declare it as follows:
"action": "random_delay"

This action doesn’t require any additional arguments.

  1. hold_connection: holds the request, keeping the connection open for 1 minute before dropping it. To enable this action, you must declare it as follows:
"action": "hold_connection"

This action doesn’t require any additional arguments.


You can use Data Stream and Real-Time Events to get the Bot Manager logs and monitor the bot activity in your applications.

To create a new stream for Bot Manager activity:

  1. Access Azion Console > Data Stream.
  2. Click the Add button.
  3. Give your stream a unique and easy-to-remember name.
  4. In the Data Settings section, select Edge Functions as Source.
  • You must be subscribed to Edge Functions.
  1. In Template, select Edge Functions Event Collector and it’ll show the variables to be used in your logs’ analysis in the Data Set code box.
  2. On Domains, select between Filter Domains or All Current and Future Domains.
  3. Under Destination, select a Connector on the dropdown menu.
  • You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the Setting an endpoint page.
  1. Click the Next button.

Now, you can check the logs in the selected endpoint.

To access Real-Time Events, proceed as follows:

  1. Access Azion Console > Real-Time Events.
  2. In Data Source, select Edge Functions.
  3. Define the Time Filter, according to the period you want to analyze.
  4. Use the Filter by bar to create a more specific search.

Azion will provide you with easy-to-go configurations, that should be enough for most of the cases. If you need a more detailed configuration, such as custom rules, you can edit the JSON file for the integration.

To find this file:

  1. On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
  2. Select the one related to Bot Manager.
  3. Open the Functions Instances tab to load the integration’s configuration.
  4. Select the function instance to edit.
  5. Edit the variables in the Arguments code box.

Tune Azion Bot Manager according to the necessities of your business.

go to manage bots guide

Contributors