By checking the client events such as mouse movement, keyboard, screen touch, and scroll, etc in specified period, FortiWeb Cloud judges whether the request comes from a human or from a bot.
- Go to BOT MITIGATION > Biometrics Based Detection.
You must have already enabled this module in Add Modules. See How to add or remove a module.
- Configure these settings.
Monitor Client Events
Select at least one client event according to your need.
- Mouse Movement
- Screen Touch
Event Collection Period Specify the time period that the events will be collected from the client. Bot Effective Time For the identified bot, choose the time period before FortiWeb Cloud tests and verifies the bot again.
- Click +Create Rule.
- For URL, enter the literal URL, such as
/index.php, or a regular expression, such as
^/*.phpthat the HTTP request must contain in order to match the rule. Multiple URLs are supported.
- Click OK.
- Select the action that FortiWeb Cloud takes when it detects a violation of the rule from the top right corner.
To configure the actions, you must first enable the Advanced Configuration in Global > Settings.
Accept the request and generate an alert email and/or log message.
Alert & Deny
Block the request (or reset the connection) and generate an alert email and/or log message.
Block the request (or reset the connection).
- Click SAVE.