To help ESA accurately distinguish between legitimate and automated traffic, you can adjust policies to reduce false positives.
What is a false positive
A false positive means that a legitimate request is mistakenly identified as a malicious bot and blocked. This can harm the user experience and may lead to business loss.
False positives may occur when a browser or app request has characteristics, such as its User-Agent, JA3 fingerprint, or request frequency, that resemble patterns of known bots in the behavior database.
Reduce false positives
Add whitelist rules for trusted clients based on their characteristics, such as corporate intranet IPs and approved crawler User-Agents. This ensures that important service traffic is not blocked.
Example
An e-commerce platform offers an API for product data queries and allows approved third-party partners, such as price comparison websites, to access public product information through legitimate crawlers. Meanwhile, the platform has enabled bot protection against malicious bots. To prevent valid partner requests from being blocked, the platform adds the partner's server IP address (198.192.XXX.XXX) to the whitelist.
In the ESA console, choose Website, find the website you want to manage and click .
Select the Whitelist Rules tab, and then click Create Rule.
Enter the Rule Name, and in the If requests match... section, select Client IP as the match field, is in as the match operator, and 198.192.XXX.XXX as the match value.
In the Then skip... section, select Specific Rule Category/ID, and for Rule Category, select Bot Management.
Click OK.
Requests with client IP 198.192.XXX.XXX will bypass bot management rules.
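An offline dry run of the rule configured above, added here as an example and not part of ESA or its documentation: it shows which requests a "Client IP is in ... then skip Bot Management" rule would let through and rejects overly broad match values. The record fields, the `max_hosts` limit, the acceptance of CIDR values, and the addresses (documentation ranges standing in for the masked partner IP) are assumptions.

```python
import ipaddress

# Constructed sample records (not real ESA logs): client IP, User-Agent,
# and whether bot management blocked the request before the rule existed.
SAMPLE_REQUESTS = [
    {"ip": "198.51.100.10", "ua": "PartnerPriceBot/1.0", "bot_blocked": True},
    {"ip": "198.51.100.10", "ua": "PartnerPriceBot/1.0", "bot_blocked": False},
    {"ip": "203.0.113.7", "ua": "PartnerPriceBot/1.0", "bot_blocked": True},
    {"ip": "203.0.113.99", "ua": "Mozilla/5.0", "bot_blocked": False},
]


def parse_match_values(values, max_hosts=256):
    """Parse the rule's match values; refuse entries wider than max_hosts."""
    nets = []
    for value in values:
        # A bare address becomes a single-host network (/32 or /128).
        net = ipaddress.ip_network(value, strict=False)
        if net.num_addresses > max_hosts:
            raise ValueError(
                f"{value} covers {net.num_addresses} addresses; narrow it"
            )
        nets.append(net)
    return nets


def dry_run(match_values, requests):
    """Report what 'Client IP is in <values> -> skip Bot Management' changes."""
    nets = parse_match_values(match_values)
    report = {"skipped": 0, "unblocked": 0, "still_blocked": []}
    for req in requests:
        ip = ipaddress.ip_address(req["ip"])
        if any(ip in net for net in nets):
            report["skipped"] += 1          # bypasses bot management entirely
            if req["bot_blocked"]:
                report["unblocked"] += 1    # false positive the rule removes
        elif req["bot_blocked"]:
            # Not whitelisted: the bot verdict stands, whatever the User-Agent.
            report["still_blocked"].append(req)
    return report


if __name__ == "__main__":
    print(dry_run(["198.51.100.10"], SAMPLE_REQUESTS))
```

The third sample record carries the partner's User-Agent from a different address and stays blocked, because the rule matches on client IP only.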
