With bot and business security, users can enable and configure corresponding module content in bot management, and combine bot traffic analysis and access logs to observe and analyze. Based on the session status provided by traffic analysis, refined strategies can be set to protect core website interfaces and businesses from bot infringement.
Bot management supports configuration of bot scenario types, client risk identification (browser bot defense module), threat intelligence module, AI evaluation module, bot flow statistics module, action score, custom rules, token configuration, and legitimate bots. You can configure these modules for refined bot management.
Contextualization of Bot
This feature leverages Tencent Cloud's years of expertise in bot governance, supporting detection of over 1,000+ crawler types for scenarios like flash sales, price/content crawling, and login. It integrates client risk identification (browser bot defense module), threat intelligence module, AI policy module, intelligent analysis, action score, session management, legitimate bots, and custom rules. It simplifies configuration, making it easy to use.
Client Risk Identification (Browser Bot Defense Module)
This feature uses the dynamic identity verification technology and generates a unique ID for each client's business request to detect possible bots and malicious crawlers in the access to websites or HTML5 pages.
Threat Intelligence Module
This feature is built on Tencent's nearly 20 years of experience in cybersecurity and big data intelligence. It determines the status of an IP in real time and uses a scoring mechanism to quantify a risk. It precisely identifies the access from a malicious dynamic IP and IDC. In addition, it intelligently identifies the features of a malicious crawler to cope with risky access requests from malicious crawlers, distributed crawlers, proxies, credential stuffing, and bargain hunting.
AI Evaluation Module
This feature builds AI evaluation models from AI technologies and Tencent's experiences in controlling risks and fighting cybercrimes. Through big data analysis and AI modeling of access traffic, it quickly identifies malicious requesters and defends against risky access requests from APT and hidden threat bots.
Bot Flow Statistics Module
Based on big data analysis, this feature automatically classifies customer traffic by characteristic and identifies abnormal and malicious traffic. It automatically adjusts the malicious traffic threshold and handles risky access requests from general and high-frequency bots. With auto-adjustment modeling, it resolves most of the bot behavior bypasses.
Action Setting
This feature leverages the threat intelligence module, AI evaluation module, and bot flow statistics module to provide a comprehensive score ranging from 0 to 100 for the risk level of an access request to a website. The higher the score, the more likely it is from a bot, and the higher the risk level. With the score provided by bot analytics, the risk level of an access request is intelligently identified, and you can precisely block a risky access request based on actions configured for different score ranges.
Simultaneously, it supports precise handling of request data that meets the specified effective scope through configuration.
Session Management
This feature allows you to configure the token location of a session to differentiate between access behaviors of different users through the same IP. Therefore, you can precisely handle a user with abnormal access behavior without affecting other users.
Legitimate bots
This feature allows legitimate bots (such as search engines and feed bots) to get website data so that the website can be normally indexed.
Custom Rules
This feature allows you to precisely handle compliant crawlers and access requests with different characteristics.
Simultaneously, it supports precise handling of request data that meets the specified effective scope through configuration.
BOT allowlist
This feature allows you to add the access requests from specified public network users to the allowlist based on the combination of different features, such as HTTP packet session feature, request feature, cookie, HTTP header, scope, IP feature, User-Agent, Referer, and session settings.
Priority from high to low: Bot allowlist > Scenario 1 (priority 1) > Scenario 2 (priority 2) > ... > Scenario n (priority m).