Anti-Bot (Web Bots Security)

open-appsec's Web Bots engine aims at recognizing if the origin of incoming traffic to the protected web application was a human or an automatic script (such as a bot), and to allow blocking non-human activity when set to Prevent mode.

How to set up open-appsec Anti-Bot

Step 1: Locate the exact URLs used by the login/registration forms of your web application

The Anti-Bot protection injects scripts to the response when a user performs a "GET" request, and uses the output of the injected script to analyze the behavior upon the "POST" request of the login page, as the user fills the login/registration forms.

A security administrator protecting a web application, needs to request the owner of the web application's API, for the following:

• All URIs used to access login/registration pages (via the GET method).

• All URIs used to POST the login/registration request/form.

Once both the security administrator has both lists, the next steps are performed in the administration web application for CloudGuard AppSec.

Step 2: Browse to Assets and edit the Web Application asset

Once the asset edit window opens, select the "Anti Bot" tab and create a new "Anti Bot" practice.

Step 3: Add the list of login/registration URIs to inject scripts and URIs to validate

Click on the '+' sign in each of the 2 URI tables and add:

• In the Injected URIs table - the login/registration "GET" URIs from step 1.

• In the Validated URIs table - the login/registration "POST" URIs from step 1.

Step 3: Make sure the Mode of the Web Bots sub-practice is as desired

Setting the Mode to As Top Level means inheriting the primary mode of the practice.

Otherwise you can override it only for this specific sub-practice to Detect/Prevent/Disable.

Step 4: Enforce Policy

Click Enforce above the top banner of the open-appsec portal.