Action Mode
Action Mode defines how to process access requests determined to be bots by policies.
Mode Types
BotManager provides two action modes:
| Mode | Description | User Experience |
|---|---|---|
| Detection | Detected as a bot but access is allowed | Normal service usage available |
| Block | Detected as a bot and access is blocked | Block page displayed or secondary verification |
Detection Mode
How It Works
In detection mode, even if determined to be a bot, actual blocking does not occur.
Features
- Bot determination results are recorded in logs
- Users can use the service normally
- Counted as detection count in statistics data
- Secondary verification does not operate
Use Cases
| Scenario | Description |
|---|---|
| Policy Testing | Assess impact before applying new policies |
| Threshold Tuning | Monitor to derive appropriate threshold values |
| False Positive Analysis | Analyze cases where normal users are detected as bots |
When applying new policies, it is recommended to first operate in detection mode to collect sufficient data, then switch to blocking mode.
Blocking Mode
How It Works
In blocking mode, requests determined to be bots are actually blocked.
Features
- Access by users determined to be bots is blocked
- Block page displayed to blocked users
- Additional verification possible through secondary verification
- Automatic block release time can be set
Secondary Verification Integration
In blocking mode, you can configure secondary verification:
| Secondary Verification | Description |
|---|---|
| Not Configured | Immediate block when determined to be a bot |
| Configured | Additional verification through CAPTCHA or browser challenge |
For more details, see Secondary Verification.
Mode Selection Guide
Recommended Situations for Detection Mode
- When first applying policies
- When adjusting threshold values
- When checking for false positives of normal users
- When understanding traffic patterns
Recommended Situations for Blocking Mode
- After sufficient operation in detection mode
- When policy thresholds are verified
- When clear bot attacks are confirmed
- When immediate defense is needed
Precautions When Switching Modes
Detection → Blocking Switch
- Recommended to operate in detection mode for at least 1-2 weeks
- Analyze detection statistics to check for false positives
- Adjust thresholds if necessary, then switch to blocking mode
- Continue monitoring statistics after switching
Blocking → Detection Switch
- Applied immediately
- Already blocked users remain blocked until automatic release time
- Detection mode applies only to new bot determinations
Per-Policy Mode Configuration
Each policy can have its action mode configured individually:
If a single access request is determined to be a bot by multiple policies, it will be blocked if even one policy is set to blocking mode.
Statistics Recording
Statistics recording by action mode:
| Item | Detection Mode | Blocking Mode |
|---|---|---|
| Detection Count | O | - |
| Block Count | - | O |
| Bot Type Statistics | O | O |
| Access IP Records | O | O |