Bot Deception
To prevent bot deception, you can configure to insert link into HTML type response pages. For regular clients, the link is invisible, while for malicious bots like web crawler, they may request the resources which the invisible link points at.
To configure bot deception
- Go to BOT MITIGATION > Bot Deception.
You must have already enabled this module in Add Modules. See How to add or remove a module. - For Deception URL, specify the deception URL to be inserted in the HTML response page, which can be either an absolute path or a relative path.
- Click +Create Rule to enter the literal URL, such as
/index.php
, or a regular expression, such as^/*.php
that the HTTP request must contain in order to match the rule. Multiple URLs are supported. - Click OK.
- Select the action that FortiWeb Cloud takes when it detects a violation of the rule from the top right corner.
To configure the actions, you must first enable the Advanced Configuration in Global > System Settings > Settings.Alert
Accept the request and generate an alert email and/or log message.
Alert & Deny
Block the request (or reset the connection) and generate an alert email and/or log message.
Deny(no log)
Block the request (or reset the connection).
Period Block
Block the current request. Moreover, all the subsequent requests from the same client in the next 10 minutes will also be blocked. The default blocking period is 10 minutes. You can configure this value according to your own needs.
- Click SAVE.