Prevent Bot Attacks on Your Websites and Servers

In this article, you will get some information on how to use the anti-bot technology of Alibaba Cloud WAF to prevent bot attacks.

Software bots which emulate a web browser are often used by criminals to harvest large amounts of data from websites. They can also abuse websites in other ways, such as by mass-posting adverts or malicious links in comment forms or forums, or by placing large numbers of reservations within, say, an airline booking system in order to prevent legitimate customers from making a booking.

In addition to the out-of-the-box features of the WAF which prevent the type of attacks that affect everyone who subscribes to the service, you can also create your own specific rules and policies to block bot attacks that you are receiving, or that you fear you may receive.

Web Application Attack Protection covers attacks such as database injections, cross-site scripting, and other common attack types which constitute the well-known OWASP Top 10 list (see the Open Web Application Security Project at www.owasp.org to learn more). This feature works straight out of the box and is enabled by default.

HTTP Flood Protection Mode under WAF is enabled and set to Normal by default; it helps protect the server from HTTP flood and DDoS attacks, and you should leave it at the default setting. If you subscribe to the Business or Enterprise edition of the WAF, you can enhance and customize the HTTP flood protection settings by creating your own additional rules.

The Malicious IP Penalty feature under WAF is powered by Alibaba Cloud’s huge threat intelligence database of more than 4 billion IP addresses.

The database holds details of each IP address, its location, whether it has recently been used to generate attacks, whether those attacks were man- or machine-generated, how often they occurred, and so on. And the list of malicious IP addresses is updated all the time.

The other useful feature for protecting your website and server from bots is the HTTP ACL, which again is available in all editions of the Web Application Firewall.

HTTP is the communications protocol that web browsers (or other user agents such as bots) use to communicate with web servers. An ACL is an Access Control List. The HTTP ACL feature allows you to set up rules which block malicious requests.

The HTTP ACL policy lets you create more detailed rules, specific to your individual circumstances. The precise nature of the rules that you create will depend on the nature of your website or server, the URLs of the pages you want to protect, the degree of protection required, and the types of attacks that you are facing.

If your server is running WordPress and you use the pingback feature to notify users when someone replies to their blog comment, you are exposed to what’s known as a pingback or bounce attack. You can use this knowledge to construct a simple WAF rule that protects your site from such attacks.

Rules for WordPress pingback attacks

And if you discover that a particular website is leeching images or other content from your site, you can create a WAF rule to block it. For example, if you find that www.selfish-site.com is referencing images from your company’s site, set up a rule as follows. The requests will then be blocked, and users of the selfish operator’s site will receive an error saying that the required image can’t be found.
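As an added illustration (not the page's own configuration, and not Alibaba Cloud WAF's rule syntax), here is a small evaluator that models both HTTP ACL rules above in Python. The match conditions are assumptions: the pingback rule keys on the User-Agent string WordPress sends when it verifies a pingback, and the leeching rule keys on image requests whose Referer host is www.selfish-site.com.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import urlparse


@dataclass
class Request:
    """Minimal view of an inbound HTTP request (constructed for this example)."""
    client_ip: str
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)  # lower-case header names

    def header(self, name: str) -> str:
        return self.headers.get(name.lower(), "")


@dataclass
class AclRule:
    name: str
    matches: Callable[[Request], bool]
    action: str  # "block" or "allow"


IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".webp")


def is_wordpress_pingback(req: Request) -> bool:
    """Assumed match condition for the pingback rule: WordPress fetches the linked
    page with a User-Agent of the form
    'WordPress/<version>; <blog url>; verifying pingback from <ip>'."""
    ua = req.header("User-Agent")
    return ua.startswith("WordPress/") and "verifying pingback" in ua


def is_hotlink_from(host: str) -> Callable[[Request], bool]:
    """Assumed match condition for the leeching rule: an image request whose
    Referer header points at the named third-party site."""
    def _match(req: Request) -> bool:
        ref_host = urlparse(req.header("Referer")).hostname or ""
        return ref_host == host and req.path.lower().endswith(IMAGE_EXTS)
    return _match


RULES: List[AclRule] = [
    AclRule("block-wordpress-pingback", is_wordpress_pingback, "block"),
    AclRule("block-selfish-site-hotlinks", is_hotlink_from("www.selfish-site.com"), "block"),
]


def evaluate(req: Request, rules: List[AclRule] = RULES) -> str:
    """First matching rule wins; a request no rule matches is allowed."""
    for rule in rules:
        if rule.matches(req):
            return f"{rule.action}:{rule.name}"
    return "allow:default"
```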

For a step-by-step guide, see Protect Your Website and Servers with Alibaba Cloud WAF Anti-Bot Features.

Related Documentation

Configure WAF protection policies

After the website is deployed with Alibaba Cloud WAF, WAF inspects the web traffic and blocks common web attacks (such as SQL injection and cross-site scripting (XSS)) and HTTP flood attacks, based on the default protection settings. You can enable more protection functions and configure their policies according to your actual business situation.

Custom HTTP flood protection

The Business and Enterprise editions of Alibaba Cloud WAF support customizing HTTP flood protection rules to apply rate-based access control.

You can restrict how often a single source may access particular URLs on your server by applying custom protection rules in the console. For example, you can define the following rule: when a single source IP address accesses www.yourdomain.com/login.html more than 20 times within 10 seconds, block this IP address for one hour.
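An added example, not Alibaba Cloud WAF code: a sliding-window implementation of that rule in Python (more than 20 hits on /login.html from one source IP within 10 seconds, then block that IP for one hour), replayed over constructed log entries. The class and function names are assumptions.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class RateRule:
    """Sliding-window rate rule with a penalty period: if more than `max_hits`
    requests to `path` from one source IP fall within `window` seconds, block
    that IP for `block_for` seconds. The rule in the text is
    RateRule("/login.html", 20, 10.0, 3600.0)."""

    def __init__(self, path: str, max_hits: int, window: float, block_for: float):
        self.path = path
        self.max_hits = max_hits
        self.window = window
        self.block_for = block_for
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)  # timestamps per IP
        self._blocked_until: Dict[str, float] = {}

    def check(self, ip: str, path: str, now: float) -> str:
        """Return 'allow' or 'block' for one request arriving at time `now`."""
        if path != self.path:
            return "allow"  # the rule only covers the protected URL
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return "block"  # penalty still running
            del self._blocked_until[ip]  # penalty expired: start counting afresh
            self._hits[ip].clear()
        q = self._hits[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # drop hits outside the window
            q.popleft()
        if len(q) > self.max_hits:
            self._blocked_until[ip] = now + self.block_for
            q.clear()
            return "block"
        return "allow"


def replay(rule: RateRule, log: List[Tuple[float, str, str]]) -> List[str]:
    """Apply the rule to (timestamp, source_ip, path) entries in arrival order."""
    return [rule.check(ip, path, ts) for ts, ip, path in log]
```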

Related Blog Posts

Protect against Web Crawlers with Alibaba Cloud's Anti-Bot Service

With the Internet-based development of traditional industries and the data-driven development of major businesses, crawlers have gradually become a source of risk. According to network traffic statistics, more than 60% of Internet traffic is generated automatically and in bulk by crawlers.

Alibaba Cloud Anti-Bot Service is a new security product launched by Alibaba Cloud Security early this year. The service provides anti-bot solutions for Web applications, HTML5 websites, APIs, and mobile apps, and manages crawlers in an orderly manner.

How to Protect Your Websites from HTTP(S) Flood

By default, a domain protected by an Anti-DDoS Pro instance uses the Normal HTTP flood protection mode. You can change the mode as needed.

  1. Log on to the Anti-DDoS Pro console.
  2. Go to Protection > Setting > Web Attack Protection page, select Instance, and select Domain.
  3. Locate the HTTP Flood Protection area, click to select the defense mode.

In this guide, you will get information on how to guard your website from HTTP(S) flood attacks with protection modes on Anti-DDoS Pro.

Related Market Products

F5 Advanced WAF (PAYG, 25Mbps)

F5 Advanced WAF provides robust web application firewall protection, securing apps against threats including layer 7 DoS attacks, malicious bots, OWASP Top 10 threats and much more.

F5 Per-App VE – Advanced WAF (PAYG, 25Mbps)

F5 Per-App VEs deliver the same scalable, secure and customizable application services as physical and virtual F5 ADCs - at a price and in a form factor appropriate for supporting individual apps.

Related Products

Web Application Firewall

Alibaba Cloud WAF is a web application firewall that monitors, filters, and blocks HTTP traffic to and from web applications. Based on the big data capacity of Alibaba Cloud Security, Alibaba Cloud WAF helps you to defend against common web attacks such as SQL injections, Cross-site scripting (XSS), web shell, Trojan, and unauthorized access, and to filter out massive HTTP flood requests. It protects your web resources from being exposed and guarantees your website security and availability.

Anti-DDoS Pro

Alibaba Cloud Anti-DDoS Pro is a paid service that features a set of high-defensive IPs, and acts as a protective barrier for the origin. It safeguards network servers under high volume DDoS attacks. After configuring the high defensive IPs for the network servers, all traffic passes through the Anti-DDoS Pro instance before rerouting to the origin.

Anti-DDoS Pro supports a peak protection bandwidth of 20Gbps ~ 600Gbps for servers both inside and outside Alibaba Cloud. To make it more cost-effective, various flexible payment plans are offered, in which fees are incurred according to the daily attack volumes.

Anti-DDoS Pro scrubs all traffic, mitigates DDoS attacks, and then forwards the clean traffic to the origin. With malicious traffic mitigated, the origin gains higher availability and stability.

Additionally, with Anti-DDoS Pro enabled, traffic traction and re-injection are not necessary when your origin suffers DDoS attacks.

Related Course

Alibaba Cloud Certification Course - Security

Alibaba Cloud Security Certification course is a series of online courses covering topics including Linux and Windows OS basics and operations, network fundamentals, host security, application security, network security, data security, etc. It is designed to help you understand how these products work, how they should be used and help you gain the required knowledge to be certified as an ACA/ACP level cloud security specialist.
