
According to research done by the AWS Shield Threat Research Team, up to 51% of traffic heading into typical web applications originates from scripts running on machines, also known as bots.

A wide variety of bots – some wanted, some unwanted – are hitting your endpoints.

Wanted bots are crawling your sites to index them and make them discoverable by your customers; others are monitoring your site availability or performance. But most of the bot traffic is generated by unwanted bots: scripts probing for vulnerabilities, or copying your content to replicate it somewhere else without your consent.

In addition to the security risk, serving this traffic causes unnecessary pressure on, and costs for, your infrastructure. Protecting your website from this unwanted traffic is time-consuming and error-prone. Managing a set of rules is complex, with risks of blocking good traffic or authorizing traffic that should be blocked.

Today, we are introducing AWS WAF Bot Control to identify, raise visibility of, and take action against common bot traffic. AWS WAF Bot Control is integrated into AWS Web Application Firewall and can be managed centrally using AWS Firewall Manager for large enterprise use cases.

Bot Control analyzes request metadata such as TLS handshakes, HTTP attributes, and IP addresses to identify the source and purpose of a bot. It categorizes bot types such as scraper, SEO, crawler, or site monitor. Once Bot Control recognizes the bot, you can block traffic coming from unwanted bots. You can simply accept the default action to block unwanted bot traffic as part of your WAF configuration, or you can customize the configuration. For example, you can use the custom response capability to return a tailored response according to bot identification, or flag the request by inserting a new header.
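
The customization this post describes (a tailored response for one bot category, a flag header for the rest) can be written as a CloudFormation web ACL. This is an added example, not a template from AWS or from the original post: the resource, rule, metric, response-body and header names are placeholders, and the label keys follow AWS's published Bot Control label scheme rather than anything stated on this page.

```yaml
# Added example. All names below (ExampleWebACL, scraper-denied, bot-detected, ...)
# are placeholders chosen for illustration.
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-bot-control-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: exampleBotAcl }
      CustomResponseBodies:
        scraper-denied:
          ContentType: TEXT_PLAIN
          Content: Automated scraping is not permitted on this site.
      Rules:
        # Bot Control runs first in Count mode: it labels requests instead of
        # applying its default block, so the rules below make the decision.
        - Name: bot-control
          Priority: 0
          OverrideAction: { Count: {} }
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesBotControlRuleSet }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: botControl }
        # Tailored response for a single bot category.
        - Name: scraper-custom-response
          Priority: 1
          Statement:
            LabelMatchStatement:
              Scope: LABEL
              Key: "awswaf:managed:aws:bot-control:bot:category:scraping_framework"
          Action:
            Block:
              CustomResponse: { ResponseCode: 403, CustomResponseBodyKey: scraper-denied }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: scraperBlocked }
        # Any other request labelled as a bot is passed through with a flag header.
        - Name: flag-remaining-bots
          Priority: 2
          Statement:
            LabelMatchStatement:
              Scope: NAMESPACE
              Key: "awswaf:managed:aws:bot-control:bot:"
          Action:
            Count:
              CustomRequestHandling:
                InsertHeaders:
                  - { Name: bot-detected, Value: "true" }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: botFlagged }
```

AWS WAF prefixes inserted header names with `x-amzn-waf-`, so the origin sees `x-amzn-waf-bot-detected`. Because the label-match rules depend on labels set by the managed group, they must keep a higher priority number than the Bot Control rule.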
