Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiWeb 8.0.3 Administration Guide
    8.0.3
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    WAF solutions against bot attacks

    WAF solutions against bot attacks

    Bots account for a significant portion of global web traffic, with many engaging in malicious activities such as credential stuffing, web scraping, fraud, API abuse, and DDoS attacks. These automated threats pose serious risks to web applications, leading to data breaches, service disruptions, and financial losses. Organizations must implement effective bot mitigation strategies to protect their digital assets from these evolving threats.

    Key Bot-Related Threats

    • Credential Stuffing

      Credential stuffing occurs when attackers use stolen username-password combinations from previous data breaches to gain unauthorized access to user accounts. Bots automate these login attempts, testing thousands of credentials across multiple platforms.

    • Web Scraping

      Scraping bots systematically extract competitive intelligence, pricing information, or proprietary data from websites without authorization. While some scrapers are harmless, others engage in data theft, intellectual property violations, and unfair competitive practices.

    • Account Takeover (ATO) Attacks

      Automated bots attempt to hijack user accounts by exploiting weak credentials or security flaws. ATO attacks often involve credential stuffing, brute-force attacks, or session hijacking to gain control over user accounts, leading to identity fraud, financial theft, and data breaches.

    • API Abuse & Enumeration

      APIs are a common target for bot-driven attacks, where automated scripts exploit API endpoints to extract data, test credentials, or identify vulnerabilities. Attackers may attempt API enumeration, where bots systematically guess API parameters to gain unauthorized access to sensitive information.

    • DDoS Attacks

      Distributed Denial of Service (DDoS) attacks involve massive volumes of bot-generated traffic overwhelming web services, disrupting operations, and causing downtime. Attackers often use botnets—networks of compromised devices—to flood websites and APIs with malicious traffic.

    • Fake Account Creation & Spam

      Bots are frequently used to create fake user accounts, generate spam content, and manipulate online platforms. These activities can lead to fraud, reputational damage, and resource exhaustion for businesses.

    FortiWeb’s Multi-Layered Bot Protection

    To effectively mitigate malicious bot activity, FortiWeb employs a combination of AI-driven detection, behavioral analysis, and real-time threat intelligence:

    • Known Bots Detection – FortiWeb’s Known Bots feature utilizes global threat intelligence to block traffic from known malicious botnets, stopping automated attacks at the network edge.

    • Proactive Bot Deception – The Bot Deception feature uses hidden links and traps to expose and intercept automated crawlers and unauthorized scrapers that do not behave like legitimate users.

    • Behavioral AI & Anomaly Detection – FortiWeb provides several advanced detection methods:

      • Threshold-Based Detection: Flags abnormal behavior based on predefined metrics like request rates and repetitive patterns.

      • Biometric-Based Detection: Analyzes user interactions such as mouse movements, scrolling, and typing rhythms to distinguish bots from real users.

      • Machine Learning-Based Detection: Builds dynamic behavioral models from legitimate traffic to automatically identify and respond to anomalies.

    • CAPTCHA & JavaScript Challenges – FortiWeb employs progressive challenge mechanisms to verify human users, effectively blocking bots that cannot process JavaScript or solve CAPTCHA tests.

    • Scrubbing Center-Based Bot Detection – FortiWeb integrates with the Advanced Bot Protection service powered by FortiAppSec, a Fortinet SaaS solution designed to detect and mitigate sophisticated automated threats. It defends against data harvesting, credential stuffing, account takeovers, application-layer DDoS, and other forms of fraudulent bot activity using real-time bot intelligence and cloud-based traffic analysis.

    • DoS Attack Mitigation – FortiWeb delivers robust protection against both application-layer and network-layer denial-of-service (DoS) attacks, including HTTP floods, TCP SYN floods, and excessive connection attempts.

    Watch the following videos on FortiWeb's Bot Mitigation features:

    For best practices of configuring your WAF to effectively defend against the bot attacks, see WAF Solutions against Bot Attacks.

    Previous
    Next

    WAF solutions against bot attacks

    WAF solutions against bot attacks

    Bots account for a significant portion of global web traffic, with many engaging in malicious activities such as credential stuffing, web scraping, fraud, API abuse, and DDoS attacks. These automated threats pose serious risks to web applications, leading to data breaches, service disruptions, and financial losses. Organizations must implement effective bot mitigation strategies to protect their digital assets from these evolving threats.

    Key Bot-Related Threats

    • Credential Stuffing

      Credential stuffing occurs when attackers use stolen username-password combinations from previous data breaches to gain unauthorized access to user accounts. Bots automate these login attempts, testing thousands of credentials across multiple platforms.

    • Web Scraping

      Scraping bots systematically extract competitive intelligence, pricing information, or proprietary data from websites without authorization. While some scrapers are harmless, others engage in data theft, intellectual property violations, and unfair competitive practices.

    • Account Takeover (ATO) Attacks

      Automated bots attempt to hijack user accounts by exploiting weak credentials or security flaws. ATO attacks often involve credential stuffing, brute-force attacks, or session hijacking to gain control over user accounts, leading to identity fraud, financial theft, and data breaches.

    • API Abuse & Enumeration

      APIs are a common target for bot-driven attacks, where automated scripts exploit API endpoints to extract data, test credentials, or identify vulnerabilities. Attackers may attempt API enumeration, where bots systematically guess API parameters to gain unauthorized access to sensitive information.

    • DDoS Attacks

      Distributed Denial of Service (DDoS) attacks involve massive volumes of bot-generated traffic overwhelming web services, disrupting operations, and causing downtime. Attackers often use botnets—networks of compromised devices—to flood websites and APIs with malicious traffic.

    • Fake Account Creation & Spam

      Bots are frequently used to create fake user accounts, generate spam content, and manipulate online platforms. These activities can lead to fraud, reputational damage, and resource exhaustion for businesses.

    FortiWeb’s Multi-Layered Bot Protection

    To effectively mitigate malicious bot activity, FortiWeb employs a combination of AI-driven detection, behavioral analysis, and real-time threat intelligence:

    • Known Bots Detection – FortiWeb’s Known Bots feature utilizes global threat intelligence to block traffic from known malicious botnets, stopping automated attacks at the network edge.

    • Proactive Bot Deception – The Bot Deception feature uses hidden links and traps to expose and intercept automated crawlers and unauthorized scrapers that do not behave like legitimate users.

    • Behavioral AI & Anomaly Detection – FortiWeb provides several advanced detection methods:

      • Threshold-Based Detection: Flags abnormal behavior based on predefined metrics like request rates and repetitive patterns.

      • Biometric-Based Detection: Analyzes user interactions such as mouse movements, scrolling, and typing rhythms to distinguish bots from real users.

      • Machine Learning-Based Detection: Builds dynamic behavioral models from legitimate traffic to automatically identify and respond to anomalies.

    • CAPTCHA & JavaScript Challenges – FortiWeb employs progressive challenge mechanisms to verify human users, effectively blocking bots that cannot process JavaScript or solve CAPTCHA tests.

    • Scrubbing Center-Based Bot Detection – FortiWeb integrates with the Advanced Bot Protection service powered by FortiAppSec, a Fortinet SaaS solution designed to detect and mitigate sophisticated automated threats. It defends against data harvesting, credential stuffing, account takeovers, application-layer DDoS, and other forms of fraudulent bot activity using real-time bot intelligence and cloud-based traffic analysis.

    • DoS Attack Mitigation – FortiWeb delivers robust protection against both application-layer and network-layer denial-of-service (DoS) attacks, including HTTP floods, TCP SYN floods, and excessive connection attempts.

    Watch the following videos on FortiWeb's Bot Mitigation features:

    For best practices of configuring your WAF to effectively defend against the bot attacks, see WAF Solutions against Bot Attacks.

    Previous
    Next