Azion Bot Manager Lite

Overview

Azion Bot Manager Lite v0.1.9 is a serverless integration available on the Azion Marketplace, built with an edge function in the Edge Firewall. It analyzes requests and assigns a score, declining or canceling requests that exceed a pre-set limit, or allowing them by default. Available actions include allow, deny, drop, redirect, custom HTML, random delay, and hold the connection. The integration detects suspicious traffic and malicious bots such as web scraping and brute force attacks.

Solution Details

This edge function evaluates requests and assigns a score based on a set of predefined rules. The action taken is configured by the customer and can be allow, deny, drop, redirect, custom HTML, random delay, or hold the connection if the score exceeds a limit defined in the JSON Args. Otherwise, the Edge Firewall rules continue to execute as normal.

Rules

Currently, Bot Manager Lite features a rules system, with each rule incrementing the request score based on different conditions, such as specific HTTP headers or bot behavior patterns.

Edge Function Details

The edge function is implemented in JavaScript and integrates into the Edge Firewall. Key configurable parameters include the action taken, the score threshold to trigger actions, and detailed logs transmitted via Data Stream/Real-Time Events.

Logs and Integration

The log records can be configured to capture a wide range of request data, excluding sensitive headers listed below. The solution also validates IP addresses using reputation lists defined in the JSON Args, increasing the threat score of the request.

Setting up the function

The function accepts the following arguments:

Variable	Type	Required	Description
`action`	String	Yes	The action to be taken by the function whenever the request’s score is greater or equals the defined threshold. Possible values: `allow`, `deny`, `redirect`, `custom_html`, `drop`, `random_delay`, and `hold_connection`. Read more about configuring actions
`threshold`	Number	Yes	The maximum score that the request can reach before the function takes an action. If it has no value, the function won’t take action
`disabled_rules`	Array of numbers	No	The rules to be disabled. If a rule is disabled, it won’t be processed nor increment the request score
`internal_logs`	String	No	The Logging Class that the function will use. Possible values: `0`: write logs if the request score is greater than 0. `1`: only write logs if the request score is greater than 0, or if the request is classified as “Good Bot”. `2`: always write logs. `3`: never write logs. Default value: `0`. When this field has no value or has an invalid value, the function will use the default value
`log_headers`	Array of strings	No	Defines which request headers should be included in the function’s report log. For security reasons, the following headers are forbidden: `authorization`, `cookie`, `proxy-authorization`, `set-cookie`, `x-csrf-token`, `x-api-key`, `x-amz-security-token`. Note: the headers’ values are going to be stored with base64 encode
`log_tag`	String	No	A tag to identify the function instance that generated the request in the logs. It’s recommended to use customized and unique tags
`session_signature_key`	String	No	This string is used to sign, as encrypted data, the signed bot session cookie. This validation protects against cookie tampering. If this field has no value or an invalid value, the function will use the default value `az`
`should_write_warning_logs`	Boolean	No	Defines whether the function will write warning logs to Real-Time Events. Default value: `false`

Configuring actions

Azion Bot Manager Lite can execute 7 different actions whenever the request’s score equals or exceeds the defined threshold. Read more about each one below:

allow: allows the continuation of the request. To enable this action, you must declare it as follows:

  "action": "allow"

This action doesn’t require any additional arguments.

If the score is less than the predetermined threshold, the request is processed, being allow the default action.

deny: delivers a standard Status Code 403 response. To enable this action, you must declare it as follows:

  "action": "deny"

This action doesn’t require any additional arguments.

drop: terminates the request without a response to the user. To enable this action, you must declare it as follows:

  "action": "drop"

This action doesn’t require any additional arguments.

redirect: allows the request to be redirected to a new URL/location when the security threshold is reached. To enable this action, you must declare the variables as in the example:

  "action": "redirect",
  "redirect_to": "http://xxxxxxxxxx.map.azionedge.net/"

Where redirect_to: defines the new URL/location to redirect the requests. If this field isn’t filled or filled with a value that isn’t a string, the function will behave as if the allow action was enabled.

custom_html: allows customized HTML content to be delivered to the user in case of a threshold violation. To enable this action, you must declare the variables as in the example:

  "action": "custom_html",
  "custom_html": "This should be the custom HTML content",
  "custom_status_code": 418,

Where custom_html defines the HTML content to be delivered and custom_status_code is the status code to be delivered.

If custom_html isn’t filled or it’s filled with a value that isn’t a string, the function will behave as would happen with the allow action enabled.
If custom_status_code isn’t filled or it’s filled with a value that isn’t a number, the default value will be a Status Code 200.

random_delay: makes the function wait for a random period between 1 and 10 seconds before allowing the request to proceed. To enable this action, you must declare it as follows:

  "action": "random_delay"

This action doesn’t require any additional arguments.

hold_connection: holds the request, keeping the connection open for 1 minute before dropping it. To enable this action, you must declare it as follows:

  "action": "hold_connection"

This action doesn’t require any additional arguments.

Go to How to install Azion Bot Manager Lite from Azion Marketplace guide Go to the How to test Bot Manager Lite using a template guide Go to the How to add Bot Manager Lite to an existent edge firewall with a template guide