Amazon WAF Bot Control
This section explains what Bot Control does.
With Bot Control, you can easily monitor, block, or rate limit bots such as scrapers, scanners, crawlers, status monitors, and search engines. If you use the targeted inspection level of the rule group, you can also challenge bots that don't self identify, making it harder and more expensive for malicious bots to operate against your website. You can protect your applications using the Bot Control managed rule group alone, or in combination with other Amazon Managed Rules rule groups and your own custom Amazon WAF rules.
Bot Control includes a console dashboard that shows how much of your current traffic is coming from bots, based on request sampling. With the Bot Control managed rule group added to your web ACL, you can take action against bot traffic and receive detailed, real-time information about common bot traffic coming to your applications.
Note
You are charged additional fees when you use this managed rule group. For more information, see Amazon WAF Pricing
The Bot Control managed rule group provides a basic, common protection level that adds labels to self-identifying bots, verifies generally desirable bots, and detects high confidence bot signatures. This gives you the ability to monitor and control common categories of bot traffic.
The Bot Control rule group also provides a targeted protection level that adds detection for sophisticated bots that don't self identify. Targeted protections use detection techniques such as browser interrogation, fingerprinting, and behavior heuristics to identify bad bot traffic. Additionally, targeted protections provide optional automated, machine-learning analysis of website traffic statistics to detect bot-related activity. When you enable machine learning, Amazon WAF uses statistics about website traffic, such as timestamps, browser characteristics, and previous URL visited, to improve the Bot Control machine learning model.
For more information about the Bot Control managed rule group, see Amazon WAF Bot Control rule group.
When Amazon WAF evaluates a web request against the Bot Control managed rule group, the rule group adds labels to requests that it detects as bot related, for example the category of bot and the bot name. You can match against these labels in your own Amazon WAF rules to customize handling. The labels that are generated by the Bot Control managed rule group are included in Amazon CloudWatch metrics and your web ACL logs.
You can also use Amazon Firewall Manager Amazon WAF policies to deploy the Bot Control managed rule group across your applications in multiple accounts that are part of your organization in Amazon Organizations.