The Professional Mode of Bots allows you to combine conditions for common match fields, such as IP, Referer, and User-Agent, to filter access requests and apply observe, slider verification, or block actions to requests that match the conditions. This topic uses examples to introduce common match fields in Bots and describe how to configure the corresponding rules.
Bots Professional Mode is available only with the Enterprise edition plan. If users on other plans switch to Professional Mode, they are prompted to upgrade to the Enterprise edition plan and cannot configure rule matching or perform actions. To use this feature, please upgrade to the Enterprise edition plan.
The examples in this topic are for reference only. Configure bot policies based on your specific business needs. For more information about match conditions, see Match fields, Operators and grouping symbols, and Match values.
User-Agent
User-Agent is a key field in the HTTP request header that identifies the characteristics of an accessing device, such as its operating system, browser type, and version. By configuring User-Agent blocklist and allowlist rules, you can precisely control access sources and enhance the security of your business acceleration services.
Configuration example
Recently, your services have been targeted by malicious search engine crawlers, causing a sharp increase in bandwidth costs. Analysis reveals that the crawler's User-Agent contains Python-requests, and you want to block these requests. You can configure the rule as follows:
In the If requests match... section, set the match field to User-Agent, the operator to contains, and the value to Python-requests.
In the Then execute... section, turn on the Fake Spider Blocking switch to block matching crawlers.
Serves static resources
A static request is a client request for a static file, such as an image, audio, or video file. The server returns the file directly without dynamically processing or generating content.
When the match field is Serves Static Resources, the on position of the switch applies the action to static requests, and the off position applies it to non-static requests.
Configuration example
An e-commerce platform notices that a large number of bots, disguised as normal users, are frequently requesting product images. This activity causes a surge in ESA bandwidth costs. You need to create a protection policy to accurately distinguish between legitimate users and malicious bots accessing static resources.
In the If requests match... section, set the match field to Serves Static Resources, the operator to equals, and set the switch to the on position.
In the Then execute... section, configure protection policies such as Legitimate Bot Management, Bot Characteristic Detection, and Bot Behavior Detection.
JavaScript verified
JavaScript detection injects a lightweight, invisible JavaScript snippet into the response for HTML pages or page view requests. It blocks requests from non-browser tools that cannot execute JavaScript, while allowing requests that pass the detection to proceed.
When the match field is JavaScript Verified, the on position of the switch applies the action to requests that have passed JavaScript detection, and the off position applies it to requests that have not passed JavaScript detection.
Configuration example
Assume you have enabled the JavaScript detection feature on your website to identify bots. You now need to add search engine crawlers that pass the JavaScript detection to an allowlist, allowing them to bypass further checks from the bot management module.
In the If requests match... section, set the match field to JavaScript Verified, the operator to equals, and set the switch to the on position.
In the Then execute... section, next to Legitimate Bot Management, click Configure, and select the search engines you want to allowlist.
JA3/JA4 fingerprint
JA3 and JA4 are fingerprints used to identify SSL/TLS clients. JA3 derives an identifier by computing an MD5 hash over fields of the Client Hello message in the TLS handshake. JA4 is an upgraded version that supports multiple protocols and uses a readable, modular string format, enhancing its resistance to spoofing and improving extensibility.
Configuration example
An e-commerce platform's API for querying product prices and inventory experienced data leaks and performance degradation due to high bandwidth consumption from malicious Python crawlers disguised as browsers. Therefore, a JA3 fingerprint blacklist rule is configured in the ESA Professional Mode to directly block requests that match known malicious fingerprints, such as Python-requests and Scrapy.
In the If requests match... section, set the match field to JA3 Fingerprint, the match operator to is in, and the match value to Python-requests or Scrapy.
In the Then execute... section, turn on the Fake Spider Blocking switch to block matching crawlers.

