Anti-Bot Service

An advanced anti-bot protection service that reduces the effect of automated attacks on your website.

Anti-Bot Service provides comprehensive bot defense for Web applications, HTML5 websites, mobile apps, and APIs. It can effectively reduce the risks caused by specific vulnerabilities. You can use Anti-Bot Service in the following scenarios: flight seating occupancy, online scalping, user enumeration, and core API exploitation. Anti-Bot Service is a reverse proxy technology based SaaS solution that allows you to specify custom protection policies to identify and control malicious traffic. You can also view the protection status in the console.


Comprehensive Protection Solution
Provides comprehensive anti-bot protection that covers the Web, mobile apps, and APIs.
Mass Information Sharing
Provides large amounts of security threat information on the cloud and timely updates protection policies against attacks.
Easy to Use
Get protection with simple access configurations, no code change required on the server side.
Accurate Identification
Identifies and filters malicious traffic without affecting the user experience.


Visualization of Protection Status

Dynamically monitors risks and adjusts protection policies, and provides statistical reports of the protection status.

Real-time monitoring

Dynamically monitors risks and timely adjusts protection policies to protect against risks.

Statistical reports

Displays the effects of protection based on multiple conditions so that you can fully understand the security status of your service.

Accurately Blocks Malicious Traffic

Filters malicious traffic based on multiple protection policies to avoid service interruptions.

Blacklist and whitelist access control

Allows you to add specific IP addresses or CIDR blocks to the blacklist or whitelist.

Accurately intercepts malicious requests

Allows you to create custom protection policies based on common HTTP header fields, such as the IP, URL, User Agent, and Referer parameters to achieve accurate access control.

Deep learning customization

Supports deep learning to build and train custom models based on your business processes.

Bot identification of apps

Supports quick SDK integration with the apps to check API validity and identify bot features. The service also computes the unique device fingerprint, which serves as a better identifier than the IP or User Agent.

Threat Intelligence Sharing

Shares large amounts of security threat intelligence on the cloud and quickly responds to attacks.

Information about malicious IP addresses

Provides information about millions of malicious IP addresses, including crawler IP addresses, data centers, and modem pools.

Threat intelligence provided by Alibaba Cloud services

Provides access to threat intelligence data that is generated by hundreds of millions of devices connected with Alibaba Cloud services.

Multiple Handling Methods

Allows you to intercept suspicious requests or implement captcha verification with custom UI design.

Request interception

You can choose to intercept requests from malicious servers to protect your site.

Captcha verification

For suspicious requests, you can choose to use a slider captcha to validate the identity of the visitor.


  • Online scalping
  • Core API exploitation
Flight seating occupancy

Flight seating occupancy

Prevents unwanted flight seating occupancy.

Scalpers use crawlers to search for discount flights and send requests to occupy seats. This wastes a large amount of resources and causes a high seat vacancy rate. Airline companies also suffer great losses.


  • Traversal requests from crawlers

    Crawlers send a large number of traversal requests to search for discount flights. This causes server performance issues and slows down the response of the server.

  • Seat occupation

    Crawlers send reservation requests to occupy seats.

Online scalping

Online scalping

Prevents online scalping, promotion sabotage, and promotion exploitation.

Scalpers send large amounts of requests to buy goods that are on sale during a promotion period. After obtaining these goods, the scalpers resell these goods at a higher price to make profits. This prevents the marketing campaigns from benefiting regular customers.


  • Promotion sabotage

    Scalpers use software to send multiple requests to buy out all of the goods as soon as these goods become available.

  • Promotion exploitation

    Hackers send large numbers of requests to snatch red envelopes. This wastes marketing resources.

Core API exploitation

Core API exploitation

Prevents core APIs from exploitation and misuse.

The logon, registration, and text messaging processes are the key processes of the entire business. Hackers may exploit the corresponding APIs to commit fraud.


  • SMS API misuse

    Hackers exploit the SMS API to perform SMS bombing.

  • User enumeration

    Hackers attempt to log on to your site by enumerating account information and commit fraud.

  • Zombie accounts

    Hackers send multiple registration requests to create zombie accounts that are used to commit future fraud.