Protect mobile apps


ESA provides distinct bot management solutions to secure native apps and embedded H5 pages. For native apps, protection policies use bot characteristic detection, bot throttling, a bot threat intelligence library, and data center blacklists to block automated attacks and malicious traffic. For H5 pages, protection policies combine bot management features, such as search engine allowlists, with behavior detection and custom rate-limiting rules to accurately distinguish between legitimate users and malicious bots. Using layered protection and coordinated policies, ESA helps you defend against bot attacks, reduce bandwidth consumption, prevent resource abuse, and lower data breach risks, ensuring the stability and security of your mobile applications.

Protect native apps

If you have a native app developed for iOS or Android, follow these steps to configure bot protection rules and defend against app crawlers. These steps do not apply to H5 pages embedded in your app.

  1. In the ESA console, navigate to Websites, and then click your target website in the Website column.

  2. In the left-side navigation pane, choose Security > Bot management.

  3. Click professional mode > Create ruleset. Enter a Ruleset name and set Service Type to Apps.

  4. Next to SDK Integration, click Obtain and Copy AppKey. Contact Us to obtain the SDK package and integrate it into your app. For detailed instructions, see Integrate the protection SDK with an Android application or Integrate the protection SDK with an iOS application.

  5. In the If requests match... section, configure a rule expression that defines the conditions for filtering requests. For example, to apply bot protection to requests from the IP address 192.168.0.1, you can configure the expression as (ip.src eq 192.168.0.1). For more information about supported fields, see Fields for bot protection rules.

  6. In the Then execute... section, select a protection policy to apply.

    Protection policy parameters (each protection policy is listed with its description):

    Bot Characteristic Detection

    • Abnormal Device Behavior: When enabled, this option detects and takes action on requests from devices with abnormal characteristics. Abnormal characteristics include:

      • Expired Signature: Enabled by default. The device's request timestamp has expired.

      • Using Simulator: The device is running a simulator.

      • Using Proxy: The device is using a proxy.

      • Rooted Device: The device is rooted.

      • Debugging Mode: Debugging mode is enabled on the device.

      • Hooking: A hooking program is running on the device.

      • Multiboxing: Multiple instances of the app are running on the device.

      • Simulated Execution: The device is executing operations that simulate user behavior.

      • Using Script Tool: Automated scripts are running on the device.

    • Custom Signature Field: After SDK integration, this detects requests with missing or invalid signatures.

    • Action: Set the action to monitor or block.

      • Monitor: Triggers an alert without blocking the request.

      • Block: Blocks the request.

    • Secondary Packaging Detection: When you enable this option, requests from apps that are not on the allowlist of valid package names and signatures are considered repackaged. Specify the valid app information:

      • Valid package name: Specify the valid package name for your app, for example, example.aliyundoc.com.

      • Package signature: Contact Alibaba Cloud technical support to obtain the package signature. If you only need to verify the package name, leave this field empty.

        Note

        The package signature is different from the app certificate signature.

    Bot Throttling

    • IP Address Throttling (Default): Specifies that if the number of requests from a single IP address exceeds the specified threshold within the statistical interval (Seconds), subsequent requests from that IP address trigger a rate-limiting action (block or monitor) for a specified duration.

    • Device Throttling: Specifies that if the number of requests from a single device exceeds the specified threshold within the statistical interval (Seconds), subsequent requests from that device trigger a rate-limiting action (block or monitor) for a specified duration.

    • Custom Session Throttling: Define a custom session type. If the number of requests from a single session exceeds the specified threshold within the statistical interval (Seconds), subsequent requests from that session trigger a rate-limiting action (block or monitor) for a specified duration.

    Bot Threat Intelligence Library

    This library contains the IP addresses of sources known to have performed malicious crawling activities against multiple Alibaba Cloud users within a certain period. Set the action to monitor or slider CAPTCHA.

    Data Center Blacklist

    When enabled, this feature blocks all traffic from the selected IP libraries. If legitimate traffic to your services originates from public clouds or internet data center (IDC) servers, add those known IP addresses to an allowlist before you enable this feature, otherwise they are blocked as well. Examples include IP addresses for payment callbacks (such as Alipay or WeChat) or monitoring services. The data center blacklist supports the following IP libraries: Alibaba Cloud, 21Vianet, Meituan Cloud, Tencent Cloud, and Others.

  7. In the Effective Time section, click Edit in the Actions column. Set the time range and click OK.

  8. After you complete the configuration, click OK.
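The following Python example, added here and not part of the ESA SDK or console, shows the logic behind two of the policies configured in step 6: the signature checks of Bot Characteristic Detection (missing, invalid and expired signatures) and the threshold / statistical interval / duration model of Bot Throttling keyed by IP address and device. The signature scheme (HMAC-SHA256 over method, path, body and timestamp), the header names, the 300-second freshness window and the AppKey value are assumptions chosen for illustration; the real SDK format is not described on this page. All requests are constructed inline.

```python
"""Illustrative request gate for a native app: signature/timestamp checks and
per-key throttling. Added example; not the ESA SDK or console implementation.
The signature scheme, header names and freshness window are assumptions."""
import hashlib
import hmac
from collections import defaultdict

# Constructed AppKey for this example; a real key comes from "Obtain and Copy AppKey".
APP_KEY = b"example-appkey-do-not-use"
MAX_SKEW_SECONDS = 300  # assumed window after which a timestamp counts as "Expired Signature"


def sign(app_key: bytes, method: str, path: str, body: bytes, ts: int) -> str:
    """Signature an integrated app would attach (assumed scheme, for illustration)."""
    msg = b"\n".join([method.encode(), path.encode(), body, str(ts).encode()])
    return hmac.new(app_key, msg, hashlib.sha256).hexdigest()


def check_signature(app_key, method, path, body, headers, now):
    """Return None if the request is acceptable, otherwise the abnormal characteristic
    it exhibits: 'missing_signature', 'invalid_signature' or 'expired_signature'."""
    sig = headers.get("x-app-sign")
    ts = headers.get("x-app-ts")
    if sig is None or ts is None:
        return "missing_signature"  # Custom Signature Field: no signature at all
    try:
        ts = int(ts)
    except ValueError:
        return "invalid_signature"
    expected = sign(app_key, method, path, body, ts)
    # constant-time comparison so response timing does not reveal which byte differed
    if not hmac.compare_digest(expected, sig):
        return "invalid_signature"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "expired_signature"  # valid signature, but the timestamp is stale
    return None


class Throttle:
    """Fixed-window counter keyed by IP address, device id or custom session id.
    More than `threshold` requests within `interval` seconds puts the key into
    `penalty` seconds of rate limiting; `action` is the configured block/monitor."""

    def __init__(self, threshold, interval, penalty, action="block"):
        self.threshold, self.interval, self.penalty = threshold, interval, penalty
        self.action = action
        self.windows = defaultdict(lambda: [0, 0])  # key -> [window_start, count]
        self.penalized_until = {}

    def check(self, key, now):
        if now < self.penalized_until.get(key, 0):
            return self.action  # still inside the rate-limiting duration
        start, count = self.windows[key]
        if now - start >= self.interval:
            start, count = now, 0  # a new statistical interval begins
        count += 1
        self.windows[key] = [start, count]
        if count > self.threshold:
            self.penalized_until[key] = now + self.penalty
            return self.action
        return "allow"


def evaluate_request(req, now, ip_throttle, device_throttle, sig_action="block"):
    """Apply the checks in the order used by this example: signature first, then
    IP throttling, then device throttling. Returns (action, reason)."""
    reason = check_signature(APP_KEY, req["method"], req["path"], req["body"],
                             req["headers"], now)
    if reason:
        return sig_action, reason
    device = req["headers"].get("x-device-id", "unknown-device")
    for name, throttle, key in (("ip", ip_throttle, req["ip"]),
                                ("device", device_throttle, device)):
        verdict = throttle.check(key, now)
        if verdict != "allow":
            return verdict, f"{name}_throttled"
    return "allow", None


def demo():
    """Run constructed traffic through the gate and return the list of decisions."""
    now = 1_700_000_000  # fixed clock so the run is reproducible
    ip_throttle = Throttle(threshold=3, interval=10, penalty=60, action="block")
    device_throttle = Throttle(threshold=100, interval=10, penalty=60, action="monitor")
    headers = {"x-device-id": "dev-1", "x-app-ts": str(now),
               "x-app-sign": sign(APP_KEY, "GET", "/api/items", b"", now)}
    good = {"method": "GET", "path": "/api/items", "body": b"",
            "ip": "192.168.0.1", "headers": headers}
    # five well-signed requests one second apart: the 4th exceeds threshold=3
    results = [evaluate_request(good, now + i, ip_throttle, device_throttle) for i in range(5)]
    # a correctly signed but hour-old request: rejected as expired before throttling
    old = now - 3600
    stale_headers = dict(headers, **{"x-app-ts": str(old),
                                     "x-app-sign": sign(APP_KEY, "GET", "/api/items", b"", old)})
    results.append(evaluate_request(dict(good, headers=stale_headers), now, ip_throttle, device_throttle))
    # a request with no signature headers at all
    results.append(evaluate_request(dict(good, headers={"x-device-id": "dev-1"}), now,
                                    ip_throttle, device_throttle))
    return results


if __name__ == "__main__":
    for i, decision in enumerate(demo()):
        print(i, decision)
```

The signature check runs before any counter is touched, so unsigned or stale traffic never consumes throttling budget, and the per-key penalty expires on its own after the configured duration, matching the "for a specified duration" wording of the throttling policies.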

Protect H5 pages embedded in apps

If your app includes embedded H5 pages, set up rulesets. These rulesets use behavior analysis, feature detection, and a bot threat intelligence library to identify and block malicious bot attacks.