User Guide

Bot Deception

With bot deception, you can configure FortiWeb Cloud to insert a link into HTML response pages. The link is invisible to regular clients, whereas malicious bots such as web crawlers may request the resource that the invisible link points to.

To configure bot deception

  1. Go to BOT MITIGATION > Bot Deception.
    You must have already enabled this module in Add Modules. See How to add or remove a module.
  2. For Deception URL, specify the deception URL to be inserted in the HTML response page, which can be either an absolute path or a relative path.
  3. Click +Create Rule to enter the literal URL, such as /index.php, or a regular expression, such as ^/*.php, that the HTTP request must contain in order to match the rule. Multiple URLs are supported.
  4. Click OK.
  5. From the top right corner, select the action that FortiWeb Cloud takes when it detects a violation of the rule.
    To configure the actions, you must first enable the Advanced Configuration in Global > System Settings > Settings.

    Alert: Accept the request and generate an alert email and/or log message.

    Alert & Deny: Block the request (or reset the connection) and generate an alert email and/or log message.

    Deny(no log): Block the request (or reset the connection).

    Period Block: Block the current request and all subsequent requests from the same client for a period of time. The default blocking period is 10 minutes; you can configure this value according to your own needs.

  6. Click SAVE.
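
The mechanism configured above, sketched as an added Python example (not FortiWeb Cloud's own code): a hidden link is inserted into HTML responses for URLs that match a rule, and a client that requests the deception URL is blocked for the period. The deception path, the rules, the `display:none` hiding, the matching semantics, the verdict names and the sample traffic are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

DECEPTION_URL = "/trap/do-not-follow.html"  # constructed placeholder path
RULES = [("literal", "/index.php"), ("regex", r"^/.*\.php$")]  # constructed rules
BLOCK_PERIOD = timedelta(minutes=10)  # default Period Block duration per the page

def rule_matches(path):
    # Assumption: literals compare exactly; regexes use search semantics.
    return any(path == p if kind == "literal" else re.search(p, path) is not None
               for kind, p in RULES)

def insert_deception_link(path, content_type, body):
    """Add a link browsers do not render to HTML responses for matched URLs."""
    if not content_type.startswith("text/html") or not rule_matches(path):
        return body
    # Assumption: the link is hidden with CSS; the page only says it is invisible.
    link = f'<a href="{DECEPTION_URL}" style="display:none" tabindex="-1"></a>'
    head, sep, tail = body.rpartition("</body>")
    return f"{head}{link}{sep}{tail}" if sep else body + link

class PeriodBlock:
    """Models the Period Block action for clients that request the deception URL."""
    def __init__(self):
        self.blocked_until = {}

    def handle(self, client_ip, path, now):
        until = self.blocked_until.get(client_ip)
        if until and now < until:
            return "blocked"  # still inside the block window
        if path == DECEPTION_URL:
            self.blocked_until[client_ip] = now + BLOCK_PERIOD
            return "block-start"  # the triggering request is blocked too
        return "accept"

def replay(requests):
    """Replay (ip, path, seconds offset) tuples and return one verdict each."""
    waf, t0 = PeriodBlock(), datetime(2024, 1, 1, 12, 0, 0)
    return [waf.handle(ip, p, t0 + timedelta(seconds=s)) for ip, p, s in requests]

# Constructed traffic: the browser never sees the hidden link, the crawler follows it.
SAMPLE = [("198.51.100.7", "/index.php", 0), ("203.0.113.9", "/index.php", 1),
          ("203.0.113.9", DECEPTION_URL, 2), ("203.0.113.9", "/login.php", 300),
          ("203.0.113.9", "/login.php", 700), ("198.51.100.7", "/cart.php", 701)]

if __name__ == "__main__":
    print(insert_deception_link("/index.php", "text/html", "<html><body>hi</body></html>"))
    print(replay(SAMPLE))
```

Test a rule's regular expression against sample paths before saving it: under standard (PCRE-style) semantics `/*` means zero or more slashes, so a pattern such as `^/*.php` does not match `/index.php`.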
