How to install Azion Bot Manager Lite from Azion Marketplace

Azion Bot Manager Lite is a serverless integration available at Azion Marketplace. It was built on top of an edge function on Edge Firewall that analyzes incoming requests and gives them a score based on a group of rules and behaviors. If the score is equal to or greater than the predetermined threshold, the integration executes the defined action. Otherwise, the request is processed (allow, as default action). Available actions for Bot Manager Lite: allow, deny, drop, redirect, custom HTML, random delay, and hold the connection.

This integration enables the detection of suspicious traffic and bad bots, facilitating the implementation of preventive measures against malicious activities such as credential stuffing, vulnerability scanning, and site scraping. Bot Manager Lite leverages machine learning and Reputation Intelligence to examine the behavior of incoming data.


Getting the integration

To use Azion Bot Manager Lite:

  1. Access Azion Console > Marketplace.
  2. On the Marketplace’s homepage, select the integration’s card.
  3. Once the integration’s page opens, click the Install button, at the bottom-right corner of the page.

A successful message appears to confirm your integration is installed.


Configuring the integration

Setting up Edge Firewall

To instantiate Azion Bot Manager Lite, follow the steps:

  1. On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
  2. Click the + Edge Firewall button.
  3. Give an easy-to-remember name to your new edge firewall.
  4. Select the domains you want to protect with the function.
  5. Enable the Edge Functions switch in the Modules section.
  6. Click the Save button.

Done. Now you’ve configured your edge firewall and it has access to Edge Functions.

Setting up the function

While still on the Edge Firewall page:

  1. Select the Functions tab.
  2. Click the Add Function button.
  3. Give an easy-to-remember name to your instance.
  4. On the dropdown menu, select the Azion Bot Manager Lite function.

The Args code box is where you’ll pass your variables.

{
"threshold": 10,
"action": "deny"
}

Even when threshold and action are mandatory variables to be defined, you can add and define more variables, according to your needs, as shown in the example below:

{
"threshold": 10,
"action": "deny",
"disabled_rules": [],
"log_tag": "my_custom_tag"
}

Where:

VariableTypeRequiredDescription
actionStringYesThe action to be taken by the function whenever the request’s score is greater or equals the defined threshold. Possible values: allow, deny, redirect, custom_html, drop, random_delay, and hold_connection. Read more about configuring actions
thresholdNumberYesThe maximum score that the request can reach before the function takes an action. If it has no value, the function won’t take action
disabled_rulesArray of numbersNoThe rules to be disabled. If a rule is disabled, it won’t be processed nor increment the request score
internal_logsStringNoThe Logging Class that the function will use. Possible values:
0: write logs if the request score is greater than 0.
1: only write logs if the request score is greater than 0, or if the request is classified as “Good Bot”.
2: always write logs.
3: never write logs.
Default value: 0. When this field has no value or has an invalid value, the function will use the default value
log_headersArray of stringsNoDefines which request headers should be included in the function’s report log. For security reasons, the following headers are forbidden:
authorization, cookie, proxy-authorization, set-cookie, x-csrf-token, x-api-key, x-amz-security-token.
Note: the headers’ values are going to be stored with base64 encode
log_tagStringNoA tag to identify the function instance that generated the request in the logs. It’s recommended to use customized and unique tags
session_signature_keyStringNoThis string is used to sign, as encrypted data, the signed bot session cookie. This validation protects against cookie tampering. If this field has no value or an invalid value, the function will use the default value az
should_write_warning_logsBooleanNoDefines whether the function will write warning logs to Real-Time Events. Default value: false
  1. When you’re done, click the Save button.

Setting up the Rules Engine

To finish, you have to set up a Rules Engine to configure the behavior and the criteria to run the integration.

Still in the Edge Firewall page:

  1. Select the Rules Engine tab.
  2. Click the + Rules Engine button.
  3. Give an easy-to-remember name to the rule.
    • You can add a description, but it’s an optional step.
  4. Select a criteria to run and catch the domains that you want to run the integration on.
    • Use this rule: if Request URI does not match "\.(png|jpg|css|js|jpeg|gif|ico|ttf|svg|woff|woff2|ashx|asmx|svc|swf|otf|eot)(\?.*)?$"
      • This rule is strongly recommended to exclude all static data on your application to be processed by the function. You can customize this rule if needed.
  5. You have to create additional criteria for this integration to work: if Request URI does not match /.well-know/
    • This rule is highly recommended to create a list of allowed IPs that don’t impact automation or scripts to WEB API.
  6. Below, select Run Function behavior.
  7. Select the function according to the name you gave it in step 3.
  8. Click the Save button.

Done. You now have your domains protected against bot attacks by using Azion Bot Manager Lite.


Configuring actions

Azion Bot Manager Lite can execute 7 different actions whenever the request’s score equals or exceeds the defined threshold. Read more about each one below:

  1. allow: allows the continuation of the request. To enable this action, you must declare it as follows:
"action": "allow"

This action doesn’t require any additional arguments.

If the score is less than the predetermined threshold, the request is processed, being allow the default action.

  1. deny: delivers a standard Status Code 403 response. To enable this action, you must declare it as follows:
"action": "deny"

This action doesn’t require any additional arguments.

  1. drop: terminates the request without a response to the user. To enable this action, you must declare it as follows:
"action": "drop"

This action doesn’t require any additional arguments.

  1. redirect: allows the request to be redirected to a new URL/location when the security threshold is reached. To enable this action, you must declare the variables as in the example:
"action": "redirect",
"redirect_to": "http://xxxxxxxxxx.map.azionedge.net/"

Where redirect_to: defines the new URL/location to redirect the requests. If this field isn’t filled or filled with a value that isn’t a string, the function will behave as if the allow action was enabled.

  1. custom_html: allows customized HTML content to be delivered to the user in case of a threshold violation. To enable this action, you must declare the variables as in the example:
"action": "custom_html",
"custom_html": "This should be the custom HTML content",
"custom_status_code": 418,

Where custom_html defines the HTML content to be delivered and custom_status_code is the status code to be delivered.

  • If custom_html isn’t filled or it’s filled with a value that isn’t a string, the function will behave as would happen with the allow action enabled.
  • If custom_status_code isn’t filled or it’s filled with a value that isn’t a number, the default value will be a Status Code 200.
  1. random_delay: makes the function wait for a random period between 1 and 10 seconds before allowing the request to proceed. To enable this action, you must declare it as follows:
"action": "random_delay"

This action doesn’t require any additional arguments.

  1. hold_connection: holds the request, keeping the connection open for 1 minute before dropping it. To enable this action, you must declare it as follows:
"action": "hold_connection"

This action doesn’t require any additional arguments.


Viewing logs

You can use Data Stream and Real-Time Events to get the Bot Manager Lite logs and monitor the bot activity in your applications.

Using Data Stream

To create a new stream for Bot Manager Lite activity:

  1. Access Azion Console > Data Stream.
  2. Click the + Stream button.
  3. Give your stream a unique and easy-to-remember name.
  4. In the Data Settings section, select Edge Functions as Source.
  • You must be subscribed to Edge Functions.
  1. In Template, select Edge Functions Event Collector and it’ll show the variables to be used in your logs’ analysis in the Data Set code box.
  2. On Domains, select between Filter Domains or All Current and Future Domains.
  3. Under Destination, select a Connector on the dropdown menu.
  • You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the Setting an endpoint page.
  1. Click the Save button.

Now, you can check the logs in the selected endpoint.

Using Real-Time Events

To access Real-Time Events, proceed as follows:

  1. Access Azion Console > Real-Time Events.
  2. Select the Edge Functions tab.
  3. Define the Time Filter, according to the period you want to analyze.
  4. Use the Search bar to create a more specific search.

Managing Bot Manager Lite

Azion will provide you with easy-to-go configurations, that should be enough for most of the cases. If you need a more detailed configuration, such as custom rules, you can edit the JSON file for the integration.

To find this file:

  1. On the upper-left corner, select Products menu > Edge Firewall in the Secure section.
  2. Select the one related to Bot Manager Lite.
  3. Open the Functions Instances tab to load the integration’s configuration.
  4. Select the function instance to edit.
  5. Edit the variables in the Arguments code box.
  6. Click the Save button.

Tune Azion Bot Manager Lite according to the necessities of your business.

Go to the Manage Bots Guide

Contributors