Azion Bot Manager

Azion Bot Manager uses advanced intelligent algorithms that allow machine learning and Reputation Intelligence to analyze the behavior of incoming data. This enables the detection of suspicious traffic and bad bots, facilitating the implementation of preventive measures against malicious activities such as credential stuffing, vulnerability scanning, and site scraping.

This integration assigns a score to every request based on rules, behaviors, and Reputation Intelligence. If the score exceeds a predetermined threshold, the integration executes the predetermined action to deny, drop, or redirect the request.

By using Bot Manager, you can:

  • Enhance user experience

    • Reducing the impact of bots on the entire infrastructure.
    • Providing bot protection by IP reputation.
    • Defining custom rule management to act on individual bots based on previous content extraction activity from requests.

  • Increase visibility

    • Measuring the amount and characteristics of the bot traffic trying to access your website, APIs, and applications.
    • Using the observability tools provided by Azion to monitor the malicious activity.
    • Combining other integrations to enhance Bot Manager efficiency, through the use of fingerprint, captchas, JavaScript injection, or SDKs, to create robust rules.

  • Reduce financial risk

    • Protecting your website and applications against credential abuse, card balance verification, and other forms of online fraud.

Implementation

ScopeDescription
How to install Azion Bot ManagerStep-by-step guide to install and configure the Bot Manager integration.
Azion IntegrationsReference to deepen the basics of Azion Integrations, how they work, and how you can start using them.

How Azion Bot Manager works

Azion Bot Manager is a serverless integration available at Azion Marketplace.

This integration is based on an edge function that runs on Edge Firewall. This type of function takes advantage of the features and modules of Edge Firewall to protect your network, applications, and resources from security threats, including bad bot signatures or scripted bots.

On a high-level, it works this way:

  1. A request reaches a domain using Bot Manager.
  2. Edge Firewall receives the request.
  3. The function is executed and starts all the analytics processes, including:
  • Retrieving the requested data, including device, browser, and network data, fingerprint, among others.
  • Identifying and classifying the request according to advanced intelligent algorithms and Reputation Intelligence.
  • Defining the behavior according to the rules engine criteria.
  1. Bot Manager assigns a score to the request.
  2. If the score is equal to or higher than the predetermined threshold, the predefined preventive action is executed.

Bot Manager is able to execute 7 different actions whenever the request’s score is greater or equals than the defined threshold:

  • allow: allows the continuation of the request.
  • deny: delivers a standard Status Code 403 response.
  • drop: terminates the request without a response to the user.
  • redirect: allows the request to be redirected to a new URL/location when the security threshold is reached.
  • custom_html: allows customized HTML content to be delivered to the user in case of a threshold violation.
  • random_delay: makes the function wait for a random period between 1 and 10 seconds before allowing the request to proceed.
  • hold_connection: holds the request, keeping the connection open for 1 minute before dropping it.

All these actions can be configured for web and mobile applications, as well as APIs, offering protection in different environments.

Use cases

Bot Manager was developed by Azion to attend to use cases involving common practices of malicious bots and traffic.

  • Reputation Intelligence
  • Bot attacking
  • Account takeover
  • Credential stuffing
  • Vulnerability scanning
  • Brute force attacks
  • Web scraping
Go to how to install Bot Manager guide

Features

Azion Bot Manager is composed by different features that you can take advantage of.

Reputation Intelligence

By using Reputation Intelligence, Bot Manager establishes an additional security perimeter, cataloging the inbound and outbound traffic, based on Network Lists, maintained and constantly updated by Azion. Through these lists, Bot Manager is able to identify the profile of each request trying to reach your site.

Network Lists used by Bot Manager include criterias such as:

  • Tor Exit Nodes
  • Reputation
  • Proxies
  • Malware
  • Fraud
Go to network lists reference

Bot classification

Based on the scores and Reputation Intelligence, the integration is able to classify different types of bots and traffic.

  • Legitimate traffic

  • Good bots

    • Social network bot
    • Monitoring bot
    • Aggregator bot
    • Enterprise bot
    • Search engine bot

  • Bad Bots

    • Bad bot signatures
    • Malicious intent detected
    • Scripted bots
    • Malicious browser behavior
    • Reputation Intelligence

Device identification

Bot Manager leverages advanced techniques to identify and distinguish between legitimate devices and potentially malicious bots attempting to access your digital assets. The integration is capable of generating a user ID for each device.

To further enhance its protective capabilities, it allows for the incorporation of additional security layers through other integrations and resources, such as SDKs, JavaScript injection, and Fingerprint to collect more granular data.

Redirect

One of the actions Bot Manager is able to execute is redirect. It allows the request to be redirected to a new URL/location, specified in the JSON args, when the security threshold is reached.

Custom HTML

The integration allows customized HTML content to be delivered to the user in case of a threshold violation, thanks to the custom_html action. You can create a custom message to exhibit to users in case of threshold violation.

Delayed response

This action allows for introducing delays in responses in cases where bots attempt to make requests. It increases the cost of the attack by holding the attacker for a longer time in a request that won’t return a valid response, thereby increasing the probability that the attacker will abort or give up on the attack.

Modes

Azion Bot Manager allows you to define the environment in which the function is expected to run, being API or a web application the possible modes. The default mode is web. If any value other than the string api (case-sensitive in lowercase) is provided, the web mode will be used as the default configuration.

By enabling the api mode, no Set-Cookie will be executed, and any rules related to the use of cookies in Bot Manager will be ignored.

Logs

The requests will generate logs that can be seen in Real-Time Events and Data Stream. By analyzing the logs generated by Bot Manager, you can get insights to understand if any changes in the function instance’s JSON Args are needed.

Go to Data Stream reference
Go to real-time events reference

Additional resources

SDKs

Azion Bot Manager can work together with Software Development Kits (SDKs), for both Android and iOS systems, allowing you to customize and tailor security protocols to meet the specific needs of your mobile applications. With SDKs and Bot Manager, you can implement fine-grained controls, address application-specific vulnerabilities, and adapt to evolving threats more effectively.

You can use SDKs to track mobile devices and identify behaviors (such as touching the screen) and device data (model, manufacturer, operational system, etc.) to use as insights for Bot Manager detect and mitigate malicious threats.

JavaScript injection

When the JavaScript file is inserted in your edge application, it collects data on the actions made by the device used in a request. It’s available for use with web browsers. With JavaScript injection, more data will be collected, such as manufacturer and hardware used, to execute request rules.

This data can be used to create more robust rules and behaviors on the Bot Manager args in order to detect and mitigate threats more effectively.

Rate Limiting

Rate limiting integration establishes thresholds for the number of requests a user or system can make within a specified timeframe, effectively mitigating the impact of brute force attacks or excessive bot activities. By working jointly with rate limiting, the bot management measures gain an additional layer of defense against automated threats.

Fingerprint

A set of information (IP, User-Agent header) creates a hash for devices accessing your edge applications. The information is gathered by tracing the device’s session and provides a more accurate detailing of the request’s device, increasing the precision of Bot Manager logs.

If you use Fingerprint with Bot Manager, you can also enable the use of Azion Real-Time Metrics to query consolidated data via GraphQL API related to the access to the application protected by Bot Manager, facilitating the identification of patters and use this intelligence to optimize the rules. With this feature, you can define a threshold and take a specific action when the threshold is violated and the device or user is identified as malicious, based on the fingerprint data.

Captcha

By using the redirect action, the defined URL/location can contain a Captcha integration to add an additional security layer. It helps you to increase security and malicious traffic detection, challenging all the request previously violating any threshold to guarantee is legitimate.

Custom rules

Azion will provide you with easy-to-go configurations, that should be enough for most of the cases. If you need a more detailed configuration, you can edit the JSON file for the integration to customize them and add new custom rules based on your business needs. It’s also possible to add more criteria and behaviors to be executed by the Rules Engine, building more comprehensive responses to possible attacks.

Go to how to install Bot Manager guide

Contributors