Secondary Verification
Secondary Verification is a procedure that verifies whether a user is a legitimate accessor through additional security verification steps when determined to be a bot by behavior analysis policies.
Overview
Secondary verification operates only in Blocking Mode. It does not proceed in detection mode.
Verification Types
BotManager provides two secondary verification methods:
| Type | Description | Features |
|---|---|---|
| CAPTCHA | Image-based human verification test | Requires direct user input |
| Browser Challenge | Automatic browser environment verification | Automated processing, minimal user intervention |
Verification Type Selection
Select and apply one verification type in the console:
CAPTCHA Verification
How It Works
CAPTCHA verification proves that the user is human by having them directly input characters or patterns displayed in images.
Success Conditions
To pass CAPTCHA verification, you must satisfy both the set success count and attempt count.
| Configuration Item | Description |
|---|---|
| Success Count | Number of successes that must be achieved in CAPTCHA verification |
| Total Verification Count | Maximum number of verification attempts allowed |
Example:
- Success count: 3
- Total verification count: 5
- → Must succeed 3 times within 5 attempts to pass
Failure Conditions
Verification is treated as failed if any of the following conditions apply:
- Verification attempt count exceeded
- Success count not met
Verification count is only counted when the [Submit] button is clicked. Clicking the Refresh button is not included in the count.
CAPTCHA Verification Flow
Browser Challenge
How It Works
Browser challenge automatically verifies the user's browser environment to confirm it is a real browser.
- Minimal user intervention
- Automated verification process
- Fast processing speed
Verification Items
Main items verified in browser challenge:
| Verification Item | Description |
|---|---|
| JavaScript Execution | Whether JavaScript executes normally |
| Browser Fingerprint | Verify browser unique characteristics |
| Cookie Support | Whether cookies are stored and transmitted |
| Rendering Engine | Verify actual browser rendering engine |
Behavior Analysis Policies and Secondary Verification
Secondary verification can only be applied to Behavior Analysis Policies. It is not applied to static policies (automation tools, header analysis, etc.).
Applicable Policy Types
| Policy Type | Secondary Verification Applicable |
|---|---|
| Browser Automation Tools | X |
| Developer Tools | X |
| Header Analysis | X |
| IP Management | X |
| Foreign IP Management | X |
| Behavior Analysis Policies | O |
Configuration Location
You can individually configure whether to apply secondary verification and verification counts for each behavior analysis policy.
Overall Processing Flow
Verification Result Processing
On Success
- Call
/releaseAPI to release block - Move to original service page
- Process as normal user
On Failure
- Call
/blockAPI to register block - Move to block (Deny) page
- Maintain block until automatic block release time
Statistics Check
Secondary verification results can be checked in Bot Type Statistics:
- Number of secondary verification exposures
- Success count
- Bot detection rate
For more details, see Bot Type Statistics.