Mitigation Actions
Mitigation actions are essential for safeguarding your website or application from malicious bots. These actions include monitoring traffic, enabling CAPTCHA challenges, and blocking malicious bots. Each action serves a specific purpose, and together they provide robust protection against malicious bots while ensuring legitimate users can access your services seamlessly.
Captcha
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure designed to differentiate between human users and bots by presenting a challenge that is difficult for bots to solve but easy for humans.
How it Works
When 'Captcha' (CAPTCHA) is defined as the mitigation action for a rule, IP addresses or Visitor IDs that match the rule criteria will be required to solve the Captcha challenge before accessing your application.
For example, if the 'Captcha' action is designated for the risk category 'Likely Automated', visitors classified under 'Likely Automated' will be required to solve the Captcha challenge when they access your application.
Benefits
Effectively blocks automated bots that cannot solve the challenges while maintaining a user-friendly experience for legitimate users.
Blocking
Blocking prevents identified malicious bots from accessing your website or application by denying their requests.
How it Works
When 'Block' is defined as the mitigation action for a rule, IP addresses or Visitor IDs that match the rule criteria will be prevented from accessing your website or application.
For example, if the 'Block' action is designated for the risk category 'Automated', visitors classified under 'Automated' are prevented from accessing your application.
Benefits
- Immediate Protection: Provides instant protection by stopping malicious bots from accessing your site.
- Resource Conservation: Saves server resources by preventing unnecessary processing of bot traffic.
- Customizable: Allows for customization of blocking rules to fit specific security needs.
Monitoring
Monitoring involves continuously observing traffic to your website or application to detect unusual patterns or behaviors that may indicate the presence of bots.
How it Works
When 'Monitor' is defined as the mitigation action for a rule, IP addresses or Visitor IDs that match the rule criteria will be monitored to detect unusual patterns or behaviors.
For example, if the 'Monitor' action is designated for the risk category 'Human', visitors classified under 'Human' can access your application normally while remaining under our observation.
Benefits
- Early Detection: Monitoring helps identify bot activity early, reducing the risk of attacks.
- Detailed Insights: Provides comprehensive insights into traffic patterns and user behavior.
- Improved Response: Enables quick response to potential threats, minimizing damage.
Configuring Rules & Actions
Once you have a clear understanding of how mitigation actions work, you can begin establishing various strategies to effectively block or challenge undesirable bot traffic. Using our Rules & Actions feature, you can assign specific actions to predefined rules to manage and mitigate bot threats efficiently.
Configure the Action for each Risk Category
The Mitigation Actions feature enables you to manage the action for each risk category. To plan the mitigation strategies effectively, it is essential to understand the risk categories that IntelliFend defines for visitors.
Risk Categories
The risk category indicates how likely a visitor is to be a bot. Visitors are classified into one of five risk categories based on their risk score:
- Detecting: Includes new visitors who have not yet been analyzed by our detection rules (typically within the first 15 minutes of accessing the application).
- Human: Includes visitors who have been analyzed and did not violate any detection rules.
- Likely Automated: Includes visitors who present certain attributes associated with bots, but lack strong confirmation to be categorized as such.
- Automated: Includes visitors showing strong indicators of being bots.
- Good Bot: Includes visitors recognized as beneficial bots, such as Google bots and Bing bots.
Once you fully understand the definition of each risk category, you can begin configuring the mitigation action for each risk category.
The following procedure describes how to modify the mitigation actions of risk categories:
- In IntelliFend Back Office, go to the Rules and Actions page.
- On the Mitigation Actions section, drag and drop the Risk Category to the preferred mitigation action.
- Click the Save button.
Configure the Allow List
The Allow List feature enables you to designate and manage IP addresses and Visitor IDs that will be monitored when they access your application. For example, add the IP addresses or the Visitor IDs of your organization to the Allow List.
The following procedure describes how to add an IP address or a Visitor ID to the Allow List.
- In IntelliFend Back Office, go to the Rules and Actions page.
- On the Manage Rules section, click the Allow List tab.
- Click the + button.
- On the Add to Allow List dialog:
  - For Type, select IP address to add an IP address or select Visitor ID to add a Visitor ID.
  - For Value, enter the corresponding IP address or Visitor ID, ensuring the value matches the selected type.
  - For Description, optionally provide a brief description.
- Click the Save button.
Configure your Disallow List
The Disallow List feature enables you to designate and manage IP addresses and Visitor IDs that will be blocked from accessing your application. For example, add the IP addresses or the Visitor IDs you know are malicious bots to the Disallow List.
Understanding different bot types and the potential effects of bot activities on your website or application is essential for efficiently identifying which IP addresses and Visitor IDs should be added to the Disallow List, particularly concerning security, performance, and user experience.
The following procedure describes how to add an IP address or a Visitor ID to the Disallow List.
- In IntelliFend Back Office, go to the Rules and Actions page.
- On the Manage Rules section, click the Disallow List tab.
- Click the + button.
- On the Add to Disallow List dialog:
  - For Type, select IP address to add an IP address or select Visitor ID to add a Visitor ID.
  - For Value, enter the corresponding IP address or Visitor ID, ensuring the value matches the selected type.
  - For Description, optionally provide a brief description.
- Click the Save button.
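A planned configuration can be reviewed offline before it is entered in the Back Office. The following is an added example, not IntelliFend code or an IntelliFend API: it checks a category-to-action plan and the two lists against the definitions on this page. The function names, the plan layout, the sample values, and the assumption that a Visitor ID never has the form of an IP address are illustrative.

```python
import ipaddress

# Category and action names come from this page; function names, the plan
# layout and the sample values are assumptions made for this example.
CATEGORIES = ["Detecting", "Human", "Likely Automated", "Automated", "Good Bot"]
ACTIONS = {"Monitor", "Captcha", "Block"}
# Categories the page defines as new, clean or beneficial traffic.
LEGIT = {"Detecting": "new visitors not yet analyzed",
         "Human": "visitors that violated no detection rule",
         "Good Bot": "beneficial bots such as search engine crawlers"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_plan(actions, allow, disallow):
    """actions: category -> action; allow/disallow: [(type, value), ...]."""
    findings = []
    for cat in CATEGORIES:
        act = actions.get(cat)
        if act not in ACTIONS:
            findings.append(f"ERROR {cat}: no valid action assigned")
        elif act == "Block" and cat in LEGIT:
            findings.append(f"WARN {cat}: Block denies {LEGIT[cat]}")
    for name, entries in (("Allow List", allow), ("Disallow List", disallow)):
        for kind, value in entries:
            # The Value field must match the selected Type (assumed: IDs are not IPs).
            if kind == "IP address" and not is_ip(value):
                findings.append(f"ERROR {name}: {value} is not an IP address")
            elif kind == "Visitor ID" and is_ip(value):
                findings.append(f"ERROR {name}: {value} is an IP address, not a Visitor ID")
    # The page does not say which list wins, so an overlap is reported.
    both = {v for _, v in allow} & {v for _, v in disallow}
    findings += [f"CONFLICT {v}: on both Allow List and Disallow List" for v in sorted(both)]
    return findings

# Constructed sample plan: documentation-range IPs, Good Bot left unassigned.
PLAN_ACTIONS = {"Detecting": "Block", "Human": "Monitor",
                "Likely Automated": "Captcha", "Automated": "Block"}
PLAN_ALLOW = [("IP address", "203.0.113.10"), ("Visitor ID", "198.51.100.7")]
PLAN_DISALLOW = [("IP address", "203.0.113.10"), ("IP address", "203.0.113.999")]

if __name__ == "__main__":
    print("\n".join(lint_plan(PLAN_ACTIONS, PLAN_ALLOW, PLAN_DISALLOW)))
```

The warning on 'Detecting' follows from the category definition: with 'Block' assigned, every new visitor is denied until analysis completes.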