Bot management protects web applications, native applications, and APIs from malicious crawlers for protected websites. Bot management allows requests from specific crawlers, and supports bot threat intelligence rules, data risk control, and application protection. You can configure a bot management whitelist to allow specific requests to skip specified detection modules.
- A Web Application Firewall instance that is deployed in a region inside mainland China and the Bot Manager feature are available.
- The website is associated with the Web Application Firewall instance. For more information, see Add domain names.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click the Bot Management tab, find the Bot Management section, and then click Settings.
- Create a bot management whitelist.
After a bot management whitelist rule is created, it is automatically enabled. You can view newly created rules in the rule list, and disable, modify, or delete rules as needed.
- On the Bot Management - Whitelist page, click Create Rule.
- In the Add Rule dialog box that appears, set the following parameters.
Parameter Description Rule name Specify a name for the rule. Matching Condition Specify the match conditions. Click Add rule to add more conditions. You can add a maximum of five conditions. If you specify multiple conditions, the rule is hit only after all the specified conditions are met.
For more information about match conditions, see Fields of match conditions.
Modules Bypassing Check The detection modules that can be skipped after the rule is hit. Detection modules include:
- Bot Threat Intelligence
- Data Risk Control
- Algorithm Model
- App Protection
- Click Save.