Policy Application Pages
Policy Application Pages is a feature that manages URL paths where BotManager policies are applied.
Overview
Policies are applied only to pathnames registered in the list. If no pathname is registered, policies are applied to all pages under the service domain.
How It Works:
| Registration Status | Behavior |
|---|---|
| Path Registered | Policies applied only to registered paths |
| Path Not Registered | Policies applied to all pages |
Sub-path Inclusion Option:
| Option | Description | Application Example |
|---|---|---|
| Include | Apply policies to registered path and all sub-paths | When /api is registered: /api → Applied; /api/users → Applied; /api/products → Applied |
| Exclude | Apply policies only to exactly matching paths | When /api is registered: /api → Applied; /api/users → Not Applied; /api/products → Not Applied |
Policy Application Scope
Policy application pages apply to most policies. However, policies that directly specify paths in policy configuration are exceptions.
Policies That Specify Paths in Policy Configuration
The following policies can directly specify paths in policy configuration and operate independently of policy application page settings:
- Excessive Requests to Specific Path (1 day) 1~5
- Excessive Direct Requests to Specific Path 1~5
- Requests to Specific Path Outside Set Hours 1~5
Example:
If the path of the "Excessive Requests to Specific Path (1 day)" policy is set to /api/payment in policy configuration, the policy operates only on /api/payment regardless of what paths are registered in policy application pages.
All Other Policies
All other policies, including static policies, access environment-based policies, access frequency-based policies, and access pattern-based policies, operate only on paths registered in policy application pages.
How It Works:
| Policy Application Page Status | Policy Operation Scope |
|---|---|
| Path Registered | Policies operate only on registered paths |
| Path Not Registered | Policies operate on all paths |
Example:
- /api registered in policy application pages
- "Excessive URL Requests (1 second)" policy activated
- Result: Policy operates only on /api and its sub-paths (/api/users, etc.)
- Policy does not operate on other paths like /home, /products, etc.
Path Registration
Step 1: Access Registration Screen
- Navigate to the Policy Application Pages menu in the BotManager console.
- The registered path list is displayed.
| Column | Description |
|---|---|
| No | Sequence number |
| pathname | Registered path |
| Include Sub-paths | Include/Exclude |
| Registrant | User who registered |
| Registration Date | Registration date and time |
| Modification Date | Last modification date and time |
Step 2: Add Path
- Click the + button.
- Enter pathname (e.g., /api, /events).
- Check or uncheck the Include All Sub-paths checkbox.
  - Checked: Include sub-paths
  - Unchecked: Only exactly matching paths
- Click the Save button.
Step 3: Modify Path
- Select the path to modify from the list.
- Click the Modify button.
- Change pathname or sub-path inclusion setting.
- Click the Save button.
Step 4: Delete Path
- Select the path to delete from the list.
- Click the Delete button.
- Click Confirm in the confirmation dialog.
If no paths are registered, policies are applied to all pages under the service domain.
Usage Examples
Example 1: E-commerce API Protection
Scenario: Apply bot blocking policies only to payment API and order API in an online shopping mall
Registration Method:
- pathname: /api/payment
  - Include All Sub-paths: Checked
- pathname: /api/order
  - Include All Sub-paths: Checked
Application Result:
- /api/payment → Policy applied
- /api/payment/process → Policy applied
- /api/order → Policy applied
- /api/order/status → Policy applied
- /api/product → Policy not applied (not registered)
- /home → Policy not applied
Example 2: Admin Page Protection
Scenario: Apply policies to all admin pages, but handle the login page separately
Registration Method:
- pathname: /admin
  - Include All Sub-paths: Checked
- pathname: /admin/login
  - Include All Sub-paths: Unchecked
Application Result:
- /admin → Policy applied
- /admin/dashboard → Policy applied
- /admin/users → Policy applied
- /admin/login → Policy applied (exact match)
- /admin/login/forgot → Policy not applied (sub-paths not included)
Example 3: Event Page Protection
Scenario: Apply bot blocking policies only to promotion event pages
Registration Method:
- pathname: /events
  - Include All Sub-paths: Checked
Application Result:
- /events → Policy applied
- /events/summer-sale → Policy applied
- /events/black-friday/2024 → Policy applied
- /products → Policy not applied
- /home → Policy not applied
Example 4: Full Site Protection
Scenario: Apply policies to entire service
Registration Method:
- pathname: /
  - Include All Sub-paths: Checked
Application Result:
- Policies applied to all paths (/, /home, /products, /api, etc.)
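The matching rules and usage examples above, modelled as an added Python example for auditing a planned registration list before saving it; this is not BotManager code. `Entry`, `policy_applies` and `audit` are hypothetical names. Three behaviours are assumptions the page does not state: matching on whole path segments, ignoring a trailing slash and query string, and letting the most specific registered path decide (the reading that reproduces Example 2).

```python
# Added example: models the rules documented on this page; not BotManager's own code.
from typing import Iterable, NamedTuple


class Entry(NamedTuple):
    pathname: str      # registered path, e.g. "/api"
    include_sub: bool  # state of the "Include All Sub-paths" checkbox


def _norm(path: str) -> str:
    # Assumption: query string, fragment and trailing slash are ignored.
    path = path.split("?", 1)[0].split("#", 1)[0]
    return path.rstrip("/") or "/"


def _covers(reg: str, path: str) -> bool:
    # Assumption: segment-aware prefix, so "/api" covers "/api/users" but not "/apiv2".
    return path == reg or reg == "/" or path.startswith(reg + "/")


def policy_applies(entries: Iterable[Entry], request_path: str) -> bool:
    regs = [Entry(_norm(e.pathname), e.include_sub) for e in entries]
    if not regs:
        return True  # nothing registered: policies apply to all pages
    path = _norm(request_path)
    candidates = [e for e in regs if _covers(e.pathname, path)]
    if not candidates:
        return False  # path is outside every registered entry
    # Assumption: the longest (most specific) registered path decides.
    best = max(candidates, key=lambda e: len(e.pathname))
    return best.include_sub or best.pathname == path


def audit(entries, paths):
    """Return {path: applied?} so a planned list can be reviewed before saving."""
    return {p: policy_applies(entries, p) for p in paths}


if __name__ == "__main__":
    # Constructed input mirroring Example 2 on this page.
    admin = [Entry("/admin", True), Entry("/admin/login", False)]
    sample = ["/admin", "/admin/dashboard", "/admin/login",
              "/admin/login/forgot", "/home"]
    for p, hit in audit(admin, sample).items():
        print(f"{p:22} {'applied' if hit else 'NOT applied'}")
```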