Skip to main content

Policy

BotManager's Policy defines the criteria for determining bots. When an access request violates the set policy conditions, it is determined to be a bot and is detected or blocked according to the action mode.

Sub-documents

Core Concepts

Covers core concepts for understanding the BotManager policy system:

  • Detection Engine: Core component that analyzes access requests to determine if they are bots
  • Action Mode: Method of processing requests determined to be bots (detect/block)
  • Automatic Block Release: Feature that automatically releases blocked users after a set time
  • Secondary Verification: Additional verification through CAPTCHA and browser challenges

Policy Types

Explains the types and classification system of policies provided by BotManager:

  • Static Policies: Policies that make immediate judgments based on fixed conditions (browser automation tools, developer tools, header analysis, etc.)
  • Dynamic Policies: Policies that make judgments through real-time data collection and analysis (access environment, access frequency, access patterns, time-based access)

Policy Management

Provides management functions for policy configuration and operation:

  • Policy Configuration: Configure activation, action mode, thresholds, etc. for each policy
  • Policy Application Pages: Specify URL paths to apply policies
  • Exception Target Management: Exclude specific users, IPs, and User-Agents from policy application

Statistics

Provides statistics functions to analyze policy application results from various perspectives:

  • Access Statistics: Analyze results of all access requests by time period, page, and IP
  • Bot Type Statistics: Statistics by bot attack type and effectiveness analysis of behavior analysis policies
  • Country Statistics: Analyze country-wise distribution of access requests and bot access status

Policy System Overview

The BotManager policy system distinguishes between normal users and bots by combining various detection techniques. Access requests go through domain activation check, exception target check, blocking history check, and policy verification, and are judged by static and dynamic policies, ultimately being processed as one of three results: pass, detect, or block.

Key Components

Policy Types

BotManager provides two main types of policies:

TypeDescriptionExamples
Static PoliciesPolicies that make immediate judgments based on fixed conditionsBrowser automation tools, developer tools, header analysis
Dynamic PoliciesPolicies that make judgments through real-time data collection and analysisBehavior analysis, statistical analysis, click event analysis

For more details, see Policy Types.

Action Mode

Requests determined to be bots by policies are processed differently according to Action Mode:

  • Detection Mode: Detected as a bot but access is allowed. Only logs are recorded.
  • Blocking Mode: Detected as a bot and access is blocked by the system.

For more details, see Action Mode.

Secondary Verification

When determined to be a bot by dynamic policies (behavior analysis), you can verify once more whether it is actually a bot through Secondary Verification:

  • CAPTCHA: Image-based human verification
  • Browser Challenge: Browser environment verification

For more details, see Secondary Verification.

Exception Targets

You can exclude specific users or IPs from policy application to always treat them as normal users.

For more details, see Exception Target Management.

Quick Start

1. Activate Policy

  1. Navigate to the Policy menu in the BotManager console.
  2. Select and activate the policy to use.
  3. Set the action mode (detect/block).

For detailed configuration methods, see Policy Configuration.

2. Set Policy Application Pages

Specify the URL paths to apply policies. If not set, they are applied to all pages.

For more details, see Policy Application Pages.

3. Monitor Statistics

Check policy application results through statistics: