Bot management protects web applications, native applications, and APIs from malicious crawlers for protected websites. Bot management allows requests from specific crawlers, and supports bot threat intelligence rules, data risk control, and application protection. You can configure a bot management whitelist to allow specific requests to skip specified detection modules.

Notice This topic uses the new version of the Web Application Firewall (WAF) console released in January 2020. If your WAF instance was created before January 2020, bot management whitelists are not supported.


  • A Web Application Firewall instance that is deployed in a region inside mainland China and the Bot Manager feature are available.Bot Manager
  • The website is associated with the Web Application Firewall instance. For more information, see Add domain names.

Background information


  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Protection Settings > Website Protection.
  4. In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.Switch Domain Name
  5. Click the Bot Management tab, find the Bot Management section, and then click Settings.
  6. Create a bot management whitelist.
    1. On the Bot Management - Whitelist page, click Create Rule.
    2. In the Add Rule dialog box that appears, set the following parameters.Create a rule - bot management whitelist
      Parameter Description
      Rule name Specify a name for the rule.
      Matching Condition Specify the match conditions. Click Add rule to add more conditions. You can add a maximum of five conditions. If you specify multiple conditions, the rule is hit only after all the specified conditions are met.

      For more information about match conditions, see Fields of match conditions.

      Modules Bypassing Check The detection modules that can be skipped after the rule is hit. Detection modules include:
      • Bot Threat Intelligence
      • Data Risk Control
      • Algorithm Model
      • App Protection
    3. Click Save.
    After a bot management whitelist rule is created, it is automatically enabled. You can view newly created rules in the rule list, and disable, modify, or delete rules as needed.Bot management-whitelist