How to install Azion Bot Manager Lite from Azion Marketplace

Azion Bot Manager Lite is a serverless integration available in the Azion Marketplace. It was built on top of an edge function on Edge Firewall, which analyzes incoming requests and assigns them a score based on a set of rules and behaviors. If the score is equal to or greater than the predetermined threshold, the integration executes the defined action. Otherwise, the request is processed (allow, as default action). Available actions for Bot Manager Lite: allow, deny, drop, redirect, custom HTML, random delay, and hold the connection.

This integration enables the detection of suspicious traffic and bad bots, facilitating the implementation of preventive measures against malicious activities such as credential stuffing, vulnerability scanning, and site scraping. Bot Manager Lite leverages machine learning and Reputation Intelligence to analyze the behavior of incoming data.

Getting the integration

To use Azion Bot Manager Lite:

Access Azion Console > Marketplace.
On the Marketplace’s homepage, select the integration’s card.
Once the integration’s page opens, click the Install button in the bottom-right corner of the page.

A successful message appears to confirm your integration is installed.

Configuring the integration

Setting up Edge Firewall

To instantiate Azion Bot Manager Lite, follow the steps:

On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
Click the + Edge Firewall button.
Give an easy-to-remember name to your new edge firewall.
Enable the Edge Functions switch in the Modules section.
Click the Save button.

Done. Now you’ve configured your edge firewall and it has access to Edge Functions.

Setting up the function

While still on the Edge Firewall page:

Select the Functions Instances tab.
Click the + Function Instance button.
Give an easy-to-remember name to your instance.
On the dropdown menu, select the Azion Bot Manager Lite function.

The Arguments code box is where you’ll pass your variables.

{
  "threshold": 10,
  "action": "deny"
}

Even when threshold and action are mandatory variables to be defined, you can add and define more variables, according to your needs, as shown in the example below:

{
  "threshold": 10,
  "action": "deny",
  "disabled_rules": [],
  "log_tag": "my_custom_tag"
}

When you’re done, click the Save button.

For more information and details about the arguments, visit the Azion Bot Manager Lite documentation.

Setting up the Rules Engine

To finish, you have to set up a Rules Engine to configure the behavior and the criteria to run the integration.

Still in the Edge Firewall page:

Select the Rules Engine tab.
Click the + Rules Engine button.
Give an easy-to-remember name to the rule.
- You can add a description, but it’s an optional step.
Select a criteria to run and catch the domains that you want to run the integration on.
- Use this rule: if Request URI does not match "\.(png|jpg|css|js|jpeg|gif|ico|ttf|svg|woff|woff2|ashx|asmx|svc|swf|otf|eot)(\?.*)?$"
  - This rule is strongly recommended to exclude all static data on your application to be processed by the function. You can customize this rule if needed.
You have to create additional criteria for this integration to work: if Request URI does not match /.well-know/
- This rule is highly recommended to create a list of allowed IPs that don’t impact automation or scripts to WEB API.
Below, select Run Function behavior.
Select the adequate function according to the name you gave it during the instantiation step.
Click the Save button.

On the Console, you must now configure your domain so it is protected by your edge firewall.

On the Products menu, select Domains.
Click on the domain you want to protect with your Bot Manager Lite function.
In the Settings section, click on the Edge Firewall selector and choose the edge firewall you’ve just created.
Click the Save button.

Done. You now have your domains protected against bot attacks by using Azion Bot Manager Lite.

Configuring actions:

Azion Bot Manager Lite can execute a set of different actions whenever the request’s score equals or exceeds the defined threshold

For more information, visit the Azion Bot Manager Lite documentation.

Viewing logs

You can use Data Stream and Real-Time Events to get the Bot Manager Lite logs and monitor the bot activity in your applications.

Using Data Stream

To create a new stream for Bot Manager Lite activity:

Access Azion Console > Data Stream.
Click the + Stream button.
Give your stream a unique and easy-to-remember name.
In the Data Settings section, select Edge Functions as Source.

You must be subscribed to Edge Functions.

In Template, select Edge Functions Event Collector and it’ll show the variables to be used in your logs’ analysis in the Data Set code box.
On Domains, select between Filter Domains or All Current and Future Domains.
Under Destination, select a Connector on the dropdown menu.

You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the Setting an endpoint page.

Click the Save button.

Now, you can check the logs in the selected endpoint.

Using Real-Time Events

To access Real-Time Events, proceed as follows:

Access Azion Console > Real-Time Events.
Select the Edge Functions tab.
Define the Time Filter, according to the period you want to analyze.
Use the Search bar to create a more specific search.

Managing Bot Manager Lite

Azion will provide you with easy-to-go configurations that should be enough for most cases. If you need a more detailed configuration, such as custom rules, you can edit the JSON file for the integration.

To find this file:

On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
Select the one related to Bot Manager Lite.
Open the Functions Instances tab to load the integration’s configuration.
Select the function instance to edit.
Edit the variables in the Arguments code box.
Click the Save button.

Tune Azion Bot Manager Lite to meet the needs of your business.

Go to the Manage Bots Guide