Policy Configuration
Explains how to configure activation, action mode, thresholds, etc. for each policy in the BotManager console.
Policy List Screen
You can view and manage all policies in the Policy menu of the console.
Policy Filter
Policies can be filtered by type:
| Category | Description |
|---|---|
| Automation Tools | Manage automation program usage |
| Access Environment | Manage access environment such as IP, ID |
| Access Frequency | Manage abnormal request counts |
| Access Patterns | Manage access showing abnormal behavior patterns |
| Access Time | Manage access outside allowed hours |
Configuration Items
Activation/Deactivation
Sets whether to use the policy.
| Status | Description |
|---|---|
| Activated | Policy is applied and performs detection/blocking |
| Deactivated | Policy is not applied |
Threshold counting is maintained even if you deactivate and then reactivate a policy.
Action Mode
Sets how to process requests determined to be bots by policies.
| Mode | Description |
|---|---|
| Detection | Only logs are recorded and access is allowed |
| Block | Access is blocked |
Recommended Operation Method:
- Start with Detection Mode when applying new policies
- Monitor for 1-2 weeks and check for false positives
- Switch to Blocking Mode after confirming stability
For more details: Action Mode
Automatic Bot Release
Sets the time for blocked users to automatically return to normal users.
| Setting | Description |
|---|---|
| Disabled | No automatic release (manual release required) |
| Time Setting | Automatic release after specified time |
Default Value: 20 minutes
For more details: Automatic Block Release
Threshold Configuration
Sets the value that serves as the bot determination criteria in dynamic policies.
| Policy Type | Threshold Example |
|---|---|
| Access Frequency | Request count (e.g., 3 requests/sec, 100 requests/day) |
| Multiple Sessions | Session ID count (e.g., 10) |
| Multiple IPs | IP count (e.g., 10) |
| Multiple Countries | Country count (e.g., 2) |
| Time-Based | Time range (e.g., 1 minute) |
Example: If the threshold of the "Excessive URL Requests (1 second)" policy is set to 3, it is determined to be a bot when 4 or more requests are made in 1 second.
Secondary Verification Configuration
Sets additional verification in behavior analysis policies.
| Verification Type | Description |
|---|---|
| CAPTCHA | Image-based human verification |
| Browser Challenge | Automatic browser environment verification |
CAPTCHA Configuration Items:
- Success Count: Number of successes that must be achieved
- Total Verification Count: Maximum number of attempts allowed
Secondary verification can only be applied to Behavior Analysis Policies. It is not applied to static policies (automation tools, header analysis, etc.).
For more details: Secondary Verification
Policy Configuration Method
Step 1: Select Policy
- Navigate to the Policy menu.
- Select the policy to configure.
- The policy detail screen opens.
Step 2: Basic Configuration
- Activation: Set whether to use the policy (On/Off).
- Action Mode: Select Detection or Block.
- Automatic Bot Release: Set release time or select Disabled.
Step 3: Additional Configuration for Dynamic Policies
For dynamic policies, configure the following items additionally:
- Threshold: Set the bot determination criteria value.
- Secondary Verification (Optional): Configure CAPTCHA or browser challenge.
Step 4: Save
After completing all configurations, click the Save button.
Configuration Examples
Example 1: Automation Tool Blocking (Static Policy)
Scenario: Block bots using automation tools such as Selenium, Puppeteer
| Configuration Item | Value |
|---|---|
| Policy | Browser Automation Tools |
| Action Mode | Block |
| Automatic Bot Release | 20 minutes |
Description: Automation tool detection makes immediate determinations, so threshold configuration is not needed. Setting to blocking mode blocks all requests using automation tools.
Example 2: High-Speed Bot Blocking (Access Frequency)
Scenario: Block high-speed bots making 3 or more requests per second
| Configuration Item | Value |
|---|---|
| Policy | Excessive URL Requests (1 second) |
| Action Mode | Block |
| Threshold | 3 requests |
| Automatic Bot Release | 20 minutes |
| Secondary Verification | CAPTCHA |
Description: Setting the threshold to 3 requests means it is determined to be a bot when 4 or more requests are made in 1 second. Setting secondary verification performs additional verification through CAPTCHA when determined to be a bot.
Example 3: Multiple IP Access Detection (Access Environment)
Scenario: Detect abnormal patterns where the same session ID accesses from multiple IPs
| Configuration Item | Value |
|---|---|
| Policy | One session ID requests from multiple IPs |
| Action Mode | Detection |
| Threshold | 10 IPs |
| Automatic Bot Release | Disabled |
Description: Set to detection mode to initially only record logs, analyze patterns, and switch to blocking mode if necessary. It is determined to be a bot when a session ID accesses from 10 or more different IPs.
Example 4: Bulk Account Creation Prevention (Access Environment)
Scenario: Prevent multiple session IDs from being issued from one IP within a short time
| Configuration Item | Value |
|---|---|
| Policy | Multiple session IDs issued from one IP within an hour |
| Action Mode | Block |
| Threshold | 3 |
| Automatic Bot Release | Disabled |
| Secondary Verification | Browser Challenge |
Description: If 3 or more session IDs are issued from the same IP within 1 hour, it is determined to be a bot and blocked. Additional verification is performed through browser challenge.
Example 5: Repetitive Pattern Detection (Access Patterns)
Scenario: Detect bots that repeatedly call URLs at regular intervals
| Configuration Item | Value |
|---|---|
| Policy | Repeated URL calls at regular minute intervals |
| Action Mode | Detection |
| Threshold | 2 times |
| Automatic Bot Release | Immediate Release |
Description: It is determined to be a bot when 2 or more repeated calls are made at the same time interval. Initially set to detection mode to analyze patterns, and switch to blocking mode if there are no false positives.
Example 6: Time-Based Access Restriction (Access Time)
Scenario: Policy that allows access only during specific time periods
| Configuration Item | Value |
|---|---|
| Policy | Requests to specific path outside set hours |
| Action Mode | Detection |
| Threshold | 13:00:00~15:00:00 (Allowed Hours) |
| Automatic Bot Release | Disabled |
Description: Allows access only between 1 PM and 3 PM, and detects requests during other time periods. Suitable for services with clear operating hours.