Anti-Bot functions

  1. What is the difference between Anti-Bot and the bot traffic prevention function provided by WAF?

    The bot traffic prevention function of Web Application Firewall (WAF) mainly defends against bot traffic during single IP address access, which is written by a script program. Anti-Bot can effectively defend against disguised bot traffic that simulates real user behaviors.

  2. How is the protection capability of Anti-Bot? Is security technical personnel involved every time protection is implemented?
    Anti-Bot provides protection schemes in different dimensions to solve the threats of various crawlers in your services.
    • Intelligent protection: Anti-Bot relies on the intelligence accumulated by cloud-based big data algorithms and the protection capability provided by an intelligent algorithm model. The protection function of Anti-Bot can be directly enabled in the console, without the intervention of security technical engineers.
    • Rule-based protection: Anti-Bot allows you to configure custom protection rules with flexibility for fine-grained protection. In this case, you may need the assistance of security technical engineers in analyzing and developing protection rules and policies.
    Different service interfaces may have special characteristics, requiring security technical engineers to analyze and select suitable protection policies. This prevents mis-interception resulting from an incompatibility between the service interfaces and a specific bot recognition mode.

    The optimal protection policy and solution recommended by security technical engineers can effectively control bot threats before bot mutation. A given type of bot attacks will disappear gradually when the attack cost of this bot type is higher than the revenue.

  3. What types of bot threats does Anti-Bot prevent for web pages and apps?

    Anti-Bot provides the same protection capability for web pages and apps, and can effectively defend against malicious bot requests that are written by automated scripts, carry obvious machine features, and simulate real user behaviors.

    Bot threat management is essentially an attack and defense process. When dealing with bot mutation, you must first identify bots before you can effectively filter them out.

Anti-Bot configuration

  1. Do I need to modify code when I configure Anti-Bot?

    Anti-Bot can be configured for website services in reverse proxy mode. For this reason, you only need to modify DNS resolution configuration, and do not have to modify web page code.

    If your services can be accessed by apps, we recommend that you also use the Anti-Bot SDK. When using the Anti-Bot SDK, you need to modify the code of the app and release a new version of the app.

  2. Is the Anti-Bot SDK applicable to both iOS- and Android-based apps?

    The Anti-Bot SDK supports integration of both iOS- and Android-based apps. For the integration method, see Integrate the Anti-Bot SDK into iOS applications or Integrate the Anti-Bot SDK into Android applications.

  3. How do I deploy Anti-Bot with other Alibaba Cloud products?
    Anti-Bot is compatible with Alibaba Cloud SLB, WAF, Anti-DDoS Pro, and CDN. You can select a product based on your service requirements and deploy it with Anti-Bot.
    • SLB: To use Anti-Bot and SLB in combination, add the public IP address of the SLB instance as the IP address of the origin server when adding the domain name configuration in the Anti-Bot console.
    • WAF: Anti-Bot and WAF use the same forwarding configuration. Therefore, the website domain name configuration record added to Anti-Bot or WAF is automatically synchronized to the console of the other service, and Source is displayed as Cloud Synchronization. To protect against application-layer attacks and malicious bot traffic, configure a protection policy for the website domain name in the Anti-Bot and WAF consoles.
    • Anti-DDoS Pro: Configure this based on Deploy both Anti-Bot and Anti-DDoS Pro to protect against flood attacks and malicious bot traffic.
    • CDN: Configure this based on Deploy both Anti-Bot and CDN to protect the CDN-enabled domain against malicious bot traffic.

Logging function

  1. When Log Service for Anti-Bot is activated, a message is displayed, indicating a failure to create resources or to modify the resource configuration by calling SLS higher-level APIs.

    Log Service for Anti-Bot depends on Alibaba Cloud Log Service. When Log Service is activated, the corresponding logstore resource is automatically created in Log Service.

    If your Alibaba Cloud account is overdue, you may receive this message, and Log Service may fail to be activated. If this is the case, reactivate Log Service after you renew the account.
    Note No additional fee is charged for Log Service for Anti-Bot.