
Web Application Firewall:Bot management (legacy)

Last Updated:Aug 22, 2025

If your business is affected by automated tools, such as scripts and emulators, that cause issues such as data scraping, business fraud, dictionary attacks, spam registrations, malicious flash sales, promotion abuse, or text message API abuse, you can enable the bot management feature of Web Application Firewall (WAF). This feature lets you create targeted bot mitigation policies based on machine traffic analysis data. This helps mitigate the risks of core data asset leakage and promotion abuse. It also reduces server bandwidth costs and server load. This topic describes how to enable and configure bot management policies.

A new version of bot management is being gradually rolled out. This topic describes the legacy version. For more information about the new version, see Bot management (new version). You can identify your version by the style of the Protection Configuration > Bot Management menu in the navigation pane on the left of the WAF console:

  • Legacy bot management: [screenshot of the legacy Bot Management menu]

  • New bot management: [screenshot of the new Bot Management menu]

Features

Bot management provides the following features to help you quickly detect machine traffic, defend against bot threats, and prevent your business data from being scraped.

  • Bot traffic analysis (Bot Management not required)

    You can view risk data for your API operations using the machine traffic analysis feature without enabling bot management. This data includes the trend of machine traffic within a specified time range, the top 20 clients and top 20 IP addresses that pose risks, and machine traffic analysis data for protected objects. This helps you quickly identify and locate API operations that may be at risk. For more information, see View machine traffic analysis data.

    For API operations that are at risk, you can request a free trial or purchase a bot management plan to configure scene-based mitigation policies. For more information about how to request a free trial or purchase a plan, see Enable bot management.

  • Scenario-specific Protection (Available after you enable bot management)

    This feature provides fine-grained control for specific business scenarios. You can integrate a software development kit (SDK) and configure scene-based mitigation policies for web pages and apps to achieve optimal protection. For more information, see Create a scene-based mitigation rule for web crawlers and Create a scene-based mitigation rule for app crawlers.

    Audience: Users who are sensitive to machine traffic.

  • Basic Protection (Available after you enable bot management)

    This feature detects bot traffic based on Layer 4 or Layer 7 traffic fingerprints. You do not need to integrate an SDK. You can enable protection with a single click. For more information, see Create a basic mitigation rule.

    Audience: Users who want to configure simple mitigation policies to block low-level and mid-level bots.

Prerequisites

View machine traffic analysis data

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Bot Management.

  3. On the Machine Traffic Analysis tab, view the Machine Traffic Trend, Top 20 Clients, Top 20 IPs, and Machine Traffic Analysis For Protected Objects for a specified protected object within a specific time range.

Enable bot management

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Bot Management.

  3. Enable bot management.

    • Request a free trial

      Note
      • You can request a free trial of bot management once for each WAF instance of the Pro, Business, or Ultimate edition.

      • The free trial is valid for 7 days after your request is approved. After the trial expires, the analysis data generated during the trial is immediately purged if you do not purchase a bot management plan. To retain the data and continue using the bot management feature, purchase a plan before the trial expires.

      On the Machine Traffic Analysis tab, click Free Trial. On the WAF-Bot Management PoC Questionnaire page, enter the required information and click Submit.

      An Alibaba Cloud engineer will contact you within one week after you submit the request to confirm the trial details. After your request is approved, the bot management feature is automatically enabled for your WAF instance.

    • Purchase a bot management plan

      1. On the Machine Traffic Analysis tab, or on the Scenario-specific Protection or Basic Protection tab, click Purchase.

      2. In the Purchase panel, enable Bot Management - Web Protection or Bot Management - App Protection, and complete the payment.

        Note
        • After you enable Bot Management - Web Protection, you can configure basic protection rules and scene-based rules for web crawlers.

        • After you enable Bot Management - App Protection, you can configure basic protection rules and scene-based rules for app crawlers.

        • To configure basic protection rules, scene-based rules for web crawlers, and scene-based rules for app crawlers, you can enable both Bot Management - Web Protection and Bot Management - App Protection.

After you enable bot management, you can click the Machine Traffic Analysis tab. In the Machine Traffic Analysis For Protected Objects section, locate the API operation that is at risk due to high machine traffic and click Add Mitigation in the Actions column to add a scene-based mitigation policy. For more information, see Create a scene-based mitigation rule for web crawlers and Create a scene-based mitigation rule for app crawlers.

If you want to configure simple mitigation policies to block low-level and mid-level bots, you can configure basic bot management rules on the Basic Protection tab. For more information, see Create a basic mitigation rule.

Create a scene-based mitigation rule for web crawlers

If your business involves accessing web pages or H5 pages (including H5 pages in apps) through a browser, you can create a scene-based mitigation template for web crawlers and customize mitigation rules to defend against web bots.

Note
  • If you enable the JavaScript Challenge or Slider CAPTCHA action, WAF initiates a JavaScript challenge or slider verification for the client when a request hits a rule. After the client passes the verification, WAF inserts the acw_sc__v2 or acw_sc__v3 cookie into the header of the HTTP message to indicate that the client is verified.

  • If you configure a scene-based bot template and enable automatic integration of the Web SDK, WAF inserts the ssxmod_itna, ssxmod_itna2, and ssxmod_itna3 cookies into the header of the HTTP message to obtain the browser fingerprint. The collected fingerprint information includes the host field of the HTTP message, and the height and width of the browser.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Bot Management.

  3. On the Scenario-specific Protection tab, click Create Template.

  4. On the Configure Scenarios page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Template Name

    Set a name for the template.

    The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Template Description

    Enter a description for the template.

    Service Type

    Select Websites. This protects web pages or H5 pages (including H5 pages in apps) that are accessed through browsers.

    Web SDK Integration

    Automatic Integration (Recommended)

    Uses a JavaScript-based Web SDK to improve protection for web browser scenarios and prevent some compatibility issues.

    After you enable this feature, WAF automatically references the SDK in the HTML pages of the protected object. WAF collects browser information, specific attack detection probe data, and user behavior data (no sensitive personal information is involved). Then, WAF requests threat detection and blocking based on the collected information.

    If you initiate an access request to the current protected object from another domain name, you must select the source domain name of the cross-domain access from the Use Intermediate Domain Name drop-down list. For example, if you call the logon API of domain name A from a page under domain name B, you must select domain name B from the Use Intermediate Domain Name drop-down list.

    Important

    Automatic integration of the Web SDK is not supported for protected objects that are added to WAF using Application Load Balancer (ALB), MSE, or FC. You must manually integrate the SDK.

    Manual Integration

    If automatic integration is not suitable for your environment, you can manually integrate the SDK. Click Obtain SDK to obtain the script node. Place the script node before all other script nodes on the page to ensure that it is loaded first. For more information, see Deployment method.

    For more information, see Integrate an SDK into a web application.

    Traffic Characteristics

    Add HTTP request fields and their rules for the destination traffic. This refers to the content of fields related to the business scenario that are generated in the HTTP request message when the protected object is accessed. You can add up to five conditions. The logical operator between the conditions is AND. For more information about the fields, see Match conditions.

  5. On the Configure Protection Rules page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Fraud Detection

    After you select Business Security Policy, enter the required information. For more information, see Fraud Detection.

    After you enable the rule, WAF integrates with the Fraud Detection service. This lets you block access from abnormal phone numbers, such as those used by scalpers. This is a pay-as-you-go service that is billed based on the number of rule hits.

    Legitimate Bot Management

    After you select Spider Whitelist, select a whitelist of legitimate search engines.

    After you enable the rule, legitimate bot IP addresses from the relevant search engines are allowed to pass without being checked by the bot management module.

    Bot Characteristic Detection

    Simple Script Filtering (JavaScript Challenge)

    After you enable this feature, WAF performs a JavaScript challenge on clients that access the protected object. This filters traffic from non-browser tools that do not support JavaScript challenges and blocks simple script-based attacks.

    Advanced Bot Protection (Dynamic Token-based Authentication)

    After you enable this feature, WAF verifies the signature of each request and blocks requests that fail the verification. Options:

    • Signature Verification Exception (Required): Requests are blocked if they do not have a signature or have an invalid signature.

    • Signature Timestamp Exception: Requests are blocked if the signature timestamp is abnormal.

    • WebDriver Attack: Requests are blocked if they are identified as WebDriver attacks.

    Bot Behavior Detection

    Intelligent Protection

    After you select Intelligent Protection, you must set the action for detected bot behavior to Monitor, Slider CAPTCHA, or Mark For Origin Fetch. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    After you enable this feature, the bot mitigation rule uses intelligent protection engines to analyze and automatically learn from access traffic, generating targeted mitigation rules or blacklists.

    Custom Throttling

    After you enable this feature, you can customize access frequency limits to filter bot requests with excessively high frequencies. This effectively mitigates HTTP flood attacks.

    • IP Address Throttling (Default)

      If the number of access requests from the same IP address exceeds the specified Threshold (Times) within the Statistical Interval (Seconds), WAF applies the specified Action to subsequent requests from that IP address for the duration of the Throttling Interval (Seconds). The available actions are Monitor, Slider CAPTCHA, and Block. You can set up to three conditions. The logical operator between the conditions is OR.

    • Custom Session Throttling

      If the number of access requests for a specified Session Type exceeds the specified Threshold (Times) within the Statistical Interval (Seconds), WAF applies the specified Action to subsequent requests in that session for the duration of the Throttling Interval (Seconds). The available actions are Monitor, Slider CAPTCHA, and Block. You can set up to three conditions. The logical operator between the conditions is OR.

      Session Type supports Custom Header, Custom Parameter, Custom Cookie, and Session.

    Bot Threat Intelligence

    Bot Threat Intelligence Library

    Contains source IP addresses that have launched multiple malicious bot attacks against multiple users on Alibaba Cloud within a period of time. WAF applies the Monitor, Slider CAPTCHA, or Mark For Origin Fetch action to these IP addresses. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    Data Center Blacklist

    After you enable this feature, if a source IP address of an attack belongs to a selected IP address library, WAF applies the Monitor, Slider CAPTCHA, Block, or Mark For Origin Fetch action. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    Note

    If you use source IP addresses from public clouds or data centers to access your services, add known legitimate calls to a whitelist, such as payment callbacks from Alipay or WeChat, and monitoring programs.

    Forged Bots

    After you enable this feature, WAF applies the Block or Mark For Origin Fetch action to requests whose User-Agent claims to be one of the search engines listed in Legitimate Bot Management. Requests from the legitimate client IP addresses of whitelisted search engines are still allowed.

  6. On the Configure Effective Scope page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Apply To

    Select the protected objects or protected object groups to which you want to apply the rule. Click the Move In icon to move the selected objects or groups to the Selected area.

    Effective Period And Grayscale Release

    Set the grayscale release and effective period for the selected mitigation rule. If you do not configure these settings, Grayscale Release is disabled for the rule and the rule is Permanently Effective by default.

    1. Locate the destination rule and click Edit in the Actions column.

    2. Configure the grayscale release and effective period.

      • Grayscale Release: Configure the percentage of objects to which the rule applies based on different dimensions.

        After you enable grayscale release, you must set the Dimension and Grayscale Ratio. The available Dimensions are IP, Custom Header, Custom Parameter, Custom Cookie, and Session.

        Note

        The grayscale rule is applied based on the Dimension you set, not randomly to a percentage of requests. For example, if you select the IP dimension for grayscale release, all requests from an IP address that triggers the rule will be matched.

      • Effective Mode

        • Permanently Effective (Default): The rule is always in effect when the mitigation template is enabled.

        • Effective Within A Time Period: You can set a specific time period in a specific time zone for the rule to be effective.

        • Effective On A Recurring Basis: You can set a specific time period of each day in a specific time zone for the rule to be effective.

    You can also select multiple rules and modify their grayscale release and effective period mode in a batch.

  7. On the Verify Protection Effect page of the wizard, test the bot mitigation rule.

    We recommend that you verify the mitigation action before you publish the policy. This helps prevent incorrect blocking caused by rule configuration errors or compatibility issues. If you are sure that the rule is correctly configured, you can click Skip in the lower-left corner.

    Follow these steps to perform the verification:

    1. Step 1: Enter a public IP address.

      Enter the public IP address of your test device (PC or mobile phone). The bot mitigation rule test applies only to this public IP address and does not affect your services.

      Important

      Do not enter the IP address queried using the ipconfig command (which is an internal IP address). If you are unsure of your device's public IP address, you can use an online IP query tool to find it.

    2. Step 2: Select an action.

      Generate a test rule that applies only to your test IP address. This rule uses the mitigation actions configured on the Configure Protection Rules page. You can select JavaScript Validation, Dynamic Token-based Authentication, Slider CAPTCHA Verification, or Block Verification to verify the execution result of the mitigation action.

      Click Test in the test action module. WAF immediately applies the mitigation policy to the test device and displays a demonstration and a description of the test result. We recommend that you review them carefully.

      After the test is complete, click I Have Completed the Test to proceed to the next step. If the test result is abnormal, click Go Back. Refer to FAQ for testing bot mitigation policies to optimize the rule and test again.

The new rule template is enabled by default. On the Scenario-specific Protection tab, you can perform the following operations in the rule template card area:

  • Click a rule template card to view the information in the rule.

  • Copy, Edit, or Delete a rule template.

  • Use the switch on the template to enable or disable it.

  • View the rule actions and the number of associated Protected Object/Group.

Create a scene-based mitigation rule for app crawlers

If your business is based on a native iOS or Android app (excluding H5 pages used in the app), you can create a scene-based mitigation template for app crawlers and customize mitigation rules to defend against app bots.

Note

If you enable the JavaScript Challenge or Slider CAPTCHA action, WAF initiates a JavaScript challenge or slider verification for the client when a request hits a rule. After the client passes the verification, WAF inserts the acw_sc__v2 or acw_sc__v3 cookie into the header of the HTTP message to indicate that the client is verified.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Bot Management.

  3. On the Scenario-specific Protection tab, click Create Template.

  4. On the Configure Scenarios page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Template Name

    Set a name for the template.

    The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Template Description

    Enter a description for the template.

    Service Type

    Select App. This protects native iOS or Android apps (excluding H5 pages in apps).

    App SDK Integration

    WAF provides an SDK for native apps (Android/iOS) to improve protection in this scenario. After the SDK is integrated, it collects client risk features and attaches a security signature to requests. WAF uses the signature features to detect and block risk requests.

    You can integrate the App SDK in the following ways:

    1. Submit a ticket to contact us and obtain the SDK for your iOS app.

    2. Click Obtain and Copy AppKey to use for initiating SDK initialization requests.

    3. Integrate the App SDK. For more information, see Integrate an SDK into an iOS app.

    Traffic Characteristics

    Add HTTP request fields and their rules for the destination traffic. This refers to the content of fields related to the business scenario that are generated in the HTTP request message when the protected object is accessed. You can add up to five conditions. The logical operator between the conditions is AND. For more information about the fields, see Match conditions.

  5. On the Configure Protection Rules page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Fraud Detection

    After you select Business Security Policy, enter the required information. For more information, see Fraud Detection.

    After you enable the rule, WAF integrates with the Fraud Detection service. This lets you block access from abnormal phone numbers, such as those used by scalpers. This is a pay-as-you-go service that is billed based on the number of rule hits.

    Bot Characteristic Detection

    • Detection rules

      Invalid App Signature (Selected by default)

      Selected by default and cannot be disabled. WAF detects requests that do not have a signature or have an invalid signature after the app is integrated with the SDK.

      Custom Signature Field (Not selected by default)

      After you select this switch, you must set the Field Name and define a custom signature field in the Cookie, Parameter, or Header. If the signature object has an excessively long, empty, or specially encoded body, WAF can process the signature content using methods like hashing and place it in the custom signature field for verification.

      Abnormal Device Behavior

      After you enable this feature, WAF detects and manages requests from devices with abnormal features, including the following: Expired Signature, Using Simulator, Using Proxy, Rooted Device, Debugging Mode, Hooking, Multiboxing, Simulated Execution, and Script Tools.

    • Mitigation action

      You can set the action for the configured Bot Characteristic Detection rule to Monitor, Block, or Strict Slider CAPTCHA Verification.

    • Advanced mitigation

      Click Advanced Protection and configure the following settings:

      Secondary Packaging Detection

      • Rule settings

        After you enable this feature, requests from apps that are not in the whitelist of legitimate package names and package signatures are considered repackaging requests. You can set the legitimate version information:

        • Valid Package Name: Specify the legitimate app package name. Example: example.aliyundoc.com.

        • Signature: Specify the corresponding app package signature to verify. If verification is needed, submit a ticket to contact us. If you do not need to verify the app package signature, leave the package signature field empty. WAF will only verify the specified legitimate app package name.

        Important

        The Signature is not the app certificate signature.

        You can add up to five legitimate versions. Package names cannot be repeated. The logical operator between conditions is OR.

      • Mitigation action

        You can set the action for the configured Repackaging Detection rule to Monitor, Block, Slider CAPTCHA, or Strict Slider CAPTCHA Verification.

      Custom Rule

      If the default device features do not provide sufficient protection, you can click Create Rule under Custom Rule and complete the following configurations:

      • Match Condition: You can add up to five match conditions. If you configure multiple match conditions, the rule takes effect only when all conditions are met.

        Supported match fields:

        eeid_is_root: Indicates whether the device has root permissions.

        eeid_is_proxy: Indicates whether a proxy is used.

        eeid_is_simulator: Indicates whether an emulator is used.

        eeid_is_debugged: Indicates whether the app is being debugged.

        eeid_is_hook: Indicates whether the app is hooked.

        eeid_is_virtual: Indicates whether app cloning is used.

        eeid_is_new: Indicates whether it is a new device.

        eeid_is_wiped: Indicates whether the device is suspected of being flashed.

        eeid_short_uptime: Indicates whether the device uptime is too short.

        eeid_abnormal_time: Indicates whether the local time of the device is abnormal.

        eeid_running_frame_xposed: Indicates whether Xposed Framework is used.

        eeid_running_frame_frida: Indicates whether Frida is used.

        eeid_running_frame_cydia: Indicates whether Cydia is used.

        eeid_running_frame_fishhook: Indicates whether fishhook is used.

        eeid_running_frame_va: Indicates whether the VirtualApp framework is used.

        eeid_running_frame_magisk: Indicates whether Magisk is used.

        eeid_running_frame_edxposed: Indicates whether the EdXposed framework is used.

        eeid_umid: Indicates the UMID value of the device.

        appname: Indicates the application name.

        packagename: Indicates the package name.

        appversion: Indicates the application version number.

        version: Indicates the WAF SDK version number.

        brand: Indicates the mobile phone brand.

        model: Indicates the mobile phone model.

        product: Indicates the product code.

        manufacture: Indicates the mobile phone manufacturer.

        hardware: Indicates the hardware name.

      • Action: The supported actions are Monitor, Block, Slider CAPTCHA, Strict Slider CAPTCHA Verification, and Mark For Origin Fetch. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

      You can add up to 10 conditions. The logical operator between the conditions is OR.

    Bot Behavior Detection

    After you select Intelligent Protection, you must set the rule action for detected bot behavior to Monitor, Slider CAPTCHA, Strict Slider CAPTCHA Verification, or Mark For Origin Fetch. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    After you enable this feature, the bot mitigation rule uses intelligent protection engines to analyze and automatically learn from access traffic, generating targeted mitigation rules or blacklists.

    Throttling

    After you enable this feature, you can customize access frequency limits to filter bot requests with excessively high frequencies. This effectively mitigates HTTP flood attacks.

    • IP Address Throttling (Default)

      If the number of access requests from the same IP address exceeds the specified Threshold (Times) within the Statistical Interval (Seconds), WAF applies the specified Action to subsequent requests from that IP address for the duration of the Throttling Interval (Seconds). The available actions are Block, Monitor, Slider CAPTCHA, and Strict Slider CAPTCHA Verification. You can set up to three conditions. The logical operator between the conditions is OR.

    • Device Throttling

      If the number of access requests from the same device exceeds the specified Threshold (Times) within the Statistical Interval (Seconds), WAF applies the specified Action to subsequent requests from that device for the duration of the Throttling Interval (Seconds). The available actions are Block, Monitor, Slider CAPTCHA, and Strict Slider CAPTCHA Verification. You can set up to three conditions. The logical operator between the conditions is OR.

    • Custom Session Throttling

      If the number of access requests for a specified Session Type exceeds the specified Threshold (Times) within the Statistical Interval (Seconds), WAF applies the specified Action to subsequent requests in that session for the duration of the Throttling Interval (Seconds). The available actions are Block, Monitor, Slider CAPTCHA, and Strict Slider CAPTCHA Verification. You can set up to three conditions. The logical operator between the conditions is OR.

      Session Type supports Custom Header, Custom Parameter, Custom Cookie, and Session.

    Bot Threat Intelligence

    Bot Threat Intelligence Library

    Contains source IP addresses that have launched multiple malicious bot attacks against multiple users on Alibaba Cloud within a period of time. WAF applies the Monitor, Slider CAPTCHA, Strict Slider CAPTCHA Verification, or Mark For Origin Fetch action to these IP addresses. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    Data Center Blacklist

    After you enable this feature, if a source IP address of an attack belongs to a selected IP address library, WAF applies the Monitor, Slider CAPTCHA, Block, Strict Slider CAPTCHA Verification, or Mark For Origin Fetch action. If you select Mark For Origin Fetch, you must also set the Header Name and Header Content for the mark.

    Note

    If you use source IP addresses from public clouds or data centers to access your services, add known legitimate calls to a whitelist, such as payment callbacks from Alipay or WeChat, and monitoring programs.

  6. On the Configure Effective Scope page of the wizard, complete the following configurations and click Next.

    Configuration item

    Description

    Apply To

    Select the protected objects or protected object groups to which you want to apply the rule. Click the Move In icon to move the selected objects or groups to the Selected area.

    Effective Period And Grayscale Release

    Set the grayscale release and effective period for the selected mitigation rule. If you do not configure these settings, Grayscale Release is disabled for the rule and the rule is Permanently Effective by default.

    1. Locate the destination rule and click Edit in the Actions column.

    2. Configure the grayscale release and effective period.

      • Grayscale Release: Configure the percentage of objects to which the rule applies based on different dimensions.

        After you enable grayscale release, you must set the Dimension and Grayscale Ratio. The available Dimensions are IP, Custom Header, Custom Parameter, Custom Cookie, and Session.

        Note

        The grayscale rule is applied based on the Dimension you set, not randomly to a percentage of requests. For example, if you select the IP dimension for grayscale release, all requests from an IP address that triggers the rule will be matched.

      • Effective Mode

        • Permanently Effective (Default): The rule is always in effect when the mitigation template is enabled.

        • Effective Within A Time Period: You can set a specific time period in a specific time zone for the rule to be effective.

        • Effective On A Recurring Basis: You can set a specific time period of each day in a specific time zone for the rule to be effective.

    You can also select multiple rules and modify their grayscale release and effective period mode in a batch.

  7. On the Verify Protection Effect page of the wizard, test the bot mitigation rule.

    We recommend that you verify the mitigation action before you publish the policy. This helps prevent incorrect blocking caused by rule configuration errors or compatibility issues. If you are sure that the rule is correctly configured, you can click Skip in the lower-left corner.

    Follow these steps to perform the verification:

    1. Step 1: Enter a public IP address.

      Enter the public IP address of your test device (PC or mobile phone). The bot mitigation rule test applies only to this public IP address and does not affect your services.

      Important

      Do not enter the IP address returned by the ipconfig command, which is the device's internal (private) address rather than its public address. If you are unsure of your device's public IP address, you can use an online IP query tool to find it.

    2. Step 2: Select an action.

      Generate a test rule that applies only to your test IP address. This rule uses the mitigation actions configured on the Configure Protection Rules page. You can select Block Verification or SDK Signature Verification to verify the execution result of the mitigation action.

      Click Test in the test action module. WAF immediately applies the mitigation policy to the test device and displays a demonstration and a description of the test result. We recommend that you review them carefully.

      After the test is complete, click I Have Completed the Test to proceed to the next step. If the test result is abnormal, click Go Back. Refer to FAQ for testing bot mitigation policies to optimize the rule and test again.

The new rule template is enabled by default. On the Scenario-specific Protection tab, you can perform the following operations in the rule template card area:

  • Click a rule template card to view the information in the rule.

  • Copy, Edit, or Delete a rule template.

  • Use the switch on the template to enable or disable it.

  • View the rule actions and the number of associated Protected Object/Group.

Create a basic mitigation rule

If your business is targeted by low-level or mid-level bots, you can configure simpler basic mitigation rules. Basic protection does not provide a default rule template. To enable this feature, you must create a new rule template.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Bot Management.

  3. On the Basic Protection tab, click Create Template.

  4. In the Create Template - Bot Management panel, complete the following configurations and click OK.

    Template Name: Set a name for the template. The name must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Template Description: Enter a description for the template.

    Action: Set the action for the mitigation rule to Block or Monitor.

    Advanced Settings:

    • Grayscale Release: Configure the percentage of objects to which the rule applies based on different dimensions.

      After you enable grayscale release, you must set the Dimension and Grayscale Ratio. The available Dimensions are IP, Custom Header, Custom Parameter, Custom Cookie, and Session.

      Note

      The grayscale rule is applied based on the Dimension you set, not randomly to a percentage of requests. For example, if you select the IP dimension for grayscale release, all requests from an IP address that triggers the rule will be matched.

    • Effective Mode

      • Permanently Effective (Default): The rule is always in effect when the mitigation template is enabled.

      • Effective Within A Time Period: You can set a specific time period in a specific time zone for the rule to be effective.

      • Effective On A Recurring Basis: You can set a specific time period of each day in a specific time zone for the rule to be effective.

    Apply To: From the added protected objects and object groups, select the ones to which you want to apply the template.
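The Grayscale Release note above (and the same note under the scene-based rule settings) says the ratio is applied per dimension value, not as random sampling, and the Effective Mode options gate the rule by time. The following added example models that behaviour; it is illustrative code written for this page, not Alibaba Cloud WAF's implementation, and the SHA-256 bucketing, the function names and the mode strings are assumptions.

```python
"""Illustrative model of how a rule's Grayscale Release and Effective Mode settings
decide whether it applies to a request (assumed design, not WAF's own code)."""
import hashlib
from datetime import datetime, time, timedelta, timezone, tzinfo
from typing import Optional


def grayscale_bucket(dimension_value: str) -> int:
    """Map one dimension value (an IP, header, parameter, cookie or session ID)
    to a stable bucket 0..99. The same value always lands in the same bucket, so
    every request carrying it is matched consistently instead of sampled at random."""
    digest = hashlib.sha256(dimension_value.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % 100


def in_grayscale(dimension_value: str, ratio_percent: int) -> bool:
    """True if this dimension value falls inside the configured Grayscale Ratio."""
    return grayscale_bucket(dimension_value) < ratio_percent


def is_effective(now: datetime, mode: str, tz: tzinfo = timezone.utc,
                 start: Optional[datetime] = None, end: Optional[datetime] = None,
                 daily_start: Optional[time] = None,
                 daily_end: Optional[time] = None) -> bool:
    """Evaluate the Effective Mode at the timezone-aware instant `now`.
    mode is "permanent", "period" (one aware start..end window) or
    "recurring" (a daily_start..daily_end window of each day, read in tz)."""
    if mode == "permanent":
        return True
    if mode == "period":
        return start <= now <= end
    if mode == "recurring":
        local_time = now.astimezone(tz).time()
        if daily_start <= daily_end:
            return daily_start <= local_time <= daily_end
        # Window crosses midnight, e.g. 22:00..06:00.
        return local_time >= daily_start or local_time <= daily_end
    raise ValueError(f"unknown effective mode: {mode}")


def rule_applies(dimension_value: str, ratio_percent: int, now: datetime,
                 **effective) -> bool:
    """A request is subject to the rule only if its dimension value is inside the
    grayscale bucket AND the rule is effective at this moment."""
    return in_grayscale(dimension_value, ratio_percent) and is_effective(now, **effective)
```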

The new rule template is enabled by default. On the Basic Protection tab, you can perform the following operations in the rule template card area:

  • View the rule IDs included in the template.

    Note

    A basic mitigation template contains three rule IDs: two for whitelist rules and one for a rule that consists of an access control list (ACL) and an HTTP flood protection rule. You can use these rule IDs to view the mitigation effect in security reports. For more information, see Security reports.

  • Copy, Edit, or Delete a rule template.

  • Use the switch on the template to enable or disable it.

  • View the rule actions and the number of associated Protected Object/Group.

FAQ for testing bot mitigation policies

If an exception occurs during the Verify Protection Effect step, refer to the following table to resolve the issue.

Error: No valid test requests were found. You can view the documentation or contact us to analyze possible causes.

  • Cause: The test request was not sent successfully, or it was not sent to WAF.
    Solution: Confirm that the test request was sent to the address that WAF uses.

  • Cause: The field content of the test request is inconsistent with the Traffic Characteristics defined in the bot mitigation rule.
    Solution: Modify the protected object feature in the bot mitigation policy.

  • Cause: The source IP address of the test request is inconsistent with the public test IP address entered in the policy configuration.
    Solution: Make sure that you are using the correct public IP address. We recommend that you use the diagnostic tool to query your public IP address.

Error: The request failed verification. You can view the documentation or contact us to analyze possible causes.

  • Cause: The access was not from a real user. For example, the access was from a debug mode or an automated tool.
    Solution: Use a client to simulate access from a real user during the test.

  • Cause: The mitigation scenario was selected incorrectly. For example, you selected Websites when you needed to configure a scene-based rule for app crawlers.
    Solution: Modify the mitigation scenario type in the scene-based bot mitigation rule.

  • Cause: The access request involves cross-domain access, but it is not correctly configured in the scene-based bot mitigation rule.
    Solution: Modify the scene-based bot mitigation rule. Select Use Intermediate Domain Name and select the source domain name of the cross-domain access from the drop-down list.

  • Cause: Frontend compatibility issue.
    Solution: Submit a ticket to contact us.

Error: The request did not trigger verification. You can view the documentation or contact us to analyze possible causes.

  • Cause: The test rule has not been fully applied.
    Solution: We recommend that you run the test again and wait for the bot mitigation test rule to be applied.

Error: Not blocked and no valid test requests were found. You can view the documentation or contact us to analyze possible causes.

  • Cause: The test request was not sent successfully, or it was not sent to WAF.
    Solution: Confirm that the test request was sent to the address that WAF uses.

  • Cause: The field content of the test request is inconsistent with the Protected Object Feature defined in the bot mitigation rule.
    Solution: Modify the protected object feature in the bot mitigation policy.

  • Cause: The source IP address of the test request is inconsistent with the public test IP address entered in the policy configuration.
    Solution: Make sure that you are using the correct public IP address. We recommend that you use the diagnostic tool to query your public IP address.

What to do next

You can view the execution records of mitigation rules on the Security Reports page. For more information, see Security reports.