The content of this page has been automatically translated by AI. If you encounter any problems while reading, you can view the corresponding content in Chinese.
Through scenario configuration in BOT and Business Security, you can quickly create protection policies that fit business scenarios and support creating multiple scenarios based on different business types, finely protecting core website APIs and businesses from BOT attacks. BOT management supports two configuration modes by default: Simple Mode and Multi-Scenario Mode, to meet the configuration needs of different users.
Simple Mode: If the domain needs to quickly deploy a catch-all protection policy for all paths, it is recommended to use Simple Mode. This mode supports quickly enabling the expert-preset ruleset, front-end countermeasures, and intelligent analysis feature, monitoring BOT traffic in the business. You can switch to block mode after observing the hit traffic.
Multi-Scenario Mode: If the domain needs to deploy different personalized protection configurations for different paths, it is recommended to use Multi-Scenario Mode. This mode supports configuring different paths and enabling different expert-preset basic rule sets and custom rule sets for different business scenarios (such as flash sales, anti-scanning, anti-crawling, etc.). You can switch to block mode after observing the hit traffic.
This article will introduce the operation guide for Multi-Scenario Mode. Multi-Scenario Mode is suitable for scenarios where a domain needs different personalized protection configurations for different paths. It supports configuring different paths and enabling different expert-preset basic rule sets and custom rule sets for different business scenarios (such as flash sales, anti-scanning, anti-crawling, etc.). You can switch to block mode after observing the hit traffic.
Already in the BOT and Business Security page, select the domain name that needs protection and enable the BOT traffic switch.
Note:
Precise domain access, CLB object type access supports enabling the BOT traffic switch.
Search for the required CAM policy as needed, and click to complete policy association.
Switch to multi-scenario mode
1. Log in to the WAF Console, in the left-side navigation bar, select Configuration Center > BOT and Business Security.
2. On the BOT and Business Security page, select the domain name that needs protection at the top left, then click BOT Management.
3. In the BOT Overview of BOT Management, enable BOT Management's
, and click Switch to multi-scenario mode.
Note:
After switching to Multi-scenario Mode, in the basic protection of the BOT Protection page, some default configurations will be enabled and support Customized Adjustment.
4. After switching to Multi-scenario Mode, in the basic protection of the BOT Protection page, some default configurations will be enabled and support Customized Adjustment.
Create BOT Scenario
1. Log in to the WAF Console, in the left-side navigation bar, select Configuration Center > BOT and Business Security.
2. On the BOT and Business Security page, select the domain name that needs protection at the top left, then click BOT Management.
3. On the BOT protection page in BOT management, click Create New Scenario.
4. In the new scenario pop-up window, configure the relevant parameters and click Create Now.
Note
Selecting Flash Sale, log in to, and Crawl Copy/Scrape Content will cause any Custom Scenario to conflict with a system preset scenario.
After selecting the corresponding scenario, a Custom Rule for protecting the relevant business scenario will be automatically generated for you. The rule defaults to "observe" mode; you can switch to block mode after observing the hit traffic.
Parameter Description:
Custom Scenario Name: Describe the scenario name, with a maximum of 50 characters.
Select Business Scenario to Protect: Multiple selections are supported. You can choose Flash Sale, log in to, Crawl Copy/Scrape Content, Scan, Critical Protection, and Custom Scenarios.
Select Default Enabled Rule Sets: The corresponding scenario rule sets are enabled by default, and the rule action is monitoring. We recommend enabling all rule sets to identify more types of BOTs, maximizing default protection capability.
Client Type: The client type accessing the protection target. Only Browser/HTML5 types support enabling the frontend bot defense feature.
Priority: The execution priority of this scenario, enter an integer within the range of 1-100, the smaller the number, the higher the priority.
Effective Range: The effective range of this scenario under the domain name supports both full range and customized range.
When selecting a customized range, you can enter up to 5 conditions.
Multiple conditions can be set to take effect using the "AND" or "OR" logic
In a single match content, multiple values separated by carriage return can be entered, up to 20 values. When selecting logical symbols as include, equal to, belong to, prefix match, or suffix match, the effect logic between multiple values is OR; For logical symbols not include, not equal to, not belong to, the effect logic between multiple values is AND.
5. In the scenario-based management list, the created scenario card data will appear. Click Edit Scene to modify the submitted scenario configuration.
BOT Scenario Configuration
1. In scenario-based management, select the target scenario, click the View Configuration on the right to further view and adjust the policy configuration in the scenario.
2. In the scenario details page, you can view the basic scenario information, click View Traffic to see the traffic report and BOT details that hit the scenario strategy.
3. The scenario configuration includes three interception modules: front-end defense, custom rules, and action policy. You can set custom settings for the corresponding modules. For tailored configuration scenario strategies based on business characteristics, refer to BOT Scenario-based Practice Tutorial.
