How to manage bots

You can protect your applications and their contents from bot attacks through Azion Edge Computing Platform. To do so, you leverage on edge functions and allow a serverless solution aligned with Edge Firewall security policies to execute this task.

Check Edge Firewall integrations on Marketplace to find the available integrations for bot protection.

Implementation

Section titled Implementation

Azion provides the Bot Manager integration through Azion Marketplace.

It works as an Edge Firewall integration, needing an edge firewall instance configured and the Edge Functions module enabled.

go to bot manager installation guide

Capabilities

Section titled Capabilities

By installing and instantiating the Bot Manager integration, you’re able to count on a set of possible settings and customizations:

  • Take advantage of the features of Azion Edge Firewall and Rules Engine to protect your network, applications, and assets from bad bots.
  • Obtain a score-based analysis to identify the type of bots, based on rules and behaviors.
  • Identify between good and bad bots, including bad bot signatures, malicious intent detected, scripted bots, and malicious browser behavior.
  • Benefit from using Reputation Intelligence to establish a profile of each person who visits your site.
  • Use Data Stream to receive logs.
  • Customize the function to better attend to your needs.

Practical examples

Section titled Practical examples

Once you’ve installed and configured the Bot Manager integration on Edge Firewall, you can customize a few configurations to support certain cases.

Prevent bad bots and dangerous traffic

Section titled Prevent bad bots and dangerous traffic

To set up an edge function, follow the steps in Setting up the function.

Then, on the Arguments tab, pass the following variable to include a network list:

{
    "reputation_network_lists": [2]
}

The network list 2 is the list of IPs provided by Azion through Origin Shield. By adding it to the Arguments, the Bot Manager integration will increase the request score for IPs contained in that list.

Use Real-Time Events to observe and calibrate rules

Section titled Use Real-Time Events to observe and calibrate rules

To set up an edge function, follow the steps in Setting up the function.

Then, on the Arguments tab, pass the following variable to calibrate Real-Time Events:

{
    "action": "allow",
    "internal_logs": "2"
}

By adding these variables, all the requests passed through the Bot Manager integration will be logged and exhibited on Real-Time Events.

You can query the Edge Functions dataset to analyze and identify possible patterns. The message_content variable can provide more specific information on Remote Address, User-Agent, geolocation, WAF behaviors such as matched rules, and more.

Use Data Stream as observability tool

Section titled Use Data Stream as observability tool

To set up an edge function, follow the steps in Setting up the function.

Then, you can use Data Stream to integrate with stream processing, SIEM, and big data platforms by using the Edge Functions source and the Edge Functions Event Collector template. This way, you can send your logs to the connector you use and monitor Bot Manager events.



Contributors