15 Jan 25

Tips to get the most out of Bot Mitigation

Malicious automated traffic is constantly growing, both in volume and sophistication. Advanced bots replicate mouse movements and clicks through browser automation software or malware installed on real devices. In addition, evasive bots employ stealth techniques, hiding behind anonymous proxies, VPNs, peer-to-peer networks, and spoofed headers.

In this context, identifying and neutralizing these threats, without affecting legitimate traffic, is critical. Effectively detecting bot traffic and mitigating malicious bots is simple if you learn how to combine advanced automated detection with customizable responses.

Below, we present a series of tips to help you get the most out of our Bot Mitigation solution. You will be able to ensure robust protection tailored to your needs in just a few clicks.

Customize bot detection levels according to risk

The first step to optimize the use of Bot Mitigation is to properly configure the detection parameters. You can adjust aspects such as:

  • Minimum Risk Score: set a threshold that defines when to block requests. For example, block IPs with a risk of 60 or higher.
  • ASN Detection: identify and block IPs associated with suspicious autonomous systems. You can adjust the settings to trigger blocks based on the risk level.
  • Data Centers: enable specific detections for data center IPs.
  • Denylists: automatically block requests from IPs categorized as abusive or from anonymous proxies/VPNs.

👉 Top tip: If your site has critical areas, such as /admin, apply stricter settings to those specific paths.

Take advantage of customizable actions

Bot Mitigation allows you to define specific actions for each type of detection:

  • Block: prevents access from malicious IPs.
  • JavaScript Challenge: filters bots by displaying a challenge that most will not be able to overcome.
  • Captcha: ideal for balancing protection and accessibility. You can force a captcha for IP addresses detected as suspicious. Users who successfully complete the captcha will be able to access the site, and the risk associated with their IP will decrease over time.
  • Bypass: mode that allows operation in detection mode. You will record statistics without blocking traffic.

VCL example for a JavaScript challenge:

sub vcl_recv {
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "jschallenge";
    }
}

Example in VCL to block /admin:

sub vcl_recv {
    if (req.http.host == "www.example.com" && req.url ~ "^/admin") {
        set req.http.TCDN-BM-Action = "block";
    }
}

How to enable detection mode:

sub vcl_recv {
    if (req.http.host == "www.example.com") {
        set req.http.TCDN-BM-Action = "bypass";
    }
}

👉 You can find more examples of VCL instructions for optimally configuring bot mitigation in our documentation center.

Integrate real-time IP evaluation

The botm_assessment command allows you to obtain advanced information about an IP in real time, such as its associated risk, whether it is an anonymous proxy or VPN, or whether it is linked to forum abuse. With this data, you can dynamically adjust responses based on context.

👉 Pro Tip: Use botm_assessment on critical paths to make informed decisions based on multiple factors.

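Dynamic logic example in VCL:

sub vcl_recv {
    if (req.http.host == "www.example.com" && req.url ~ "^/posts") {
        # Fetch the real-time assessment; the botm-* variables below are read from it.
        call botm_assessment;

        # The higher the risk, the stronger the challenge.
        if (var.get_int("botm-risk") > 50) {
            call show_captcha;
        } else if (var.get_int("botm-risk") > 15) {
            call show_jschallenge;
        }

        # Deny IPs flagged for abuse once their risk exceeds 20.
        if (var.get("botm-is-abuse") == "1" && var.get_int("botm-risk") > 20) {
            call deny_request;
        }
    }
}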

Use the fingerprint script for advanced bot detection

In addition to the IP reputation database, you can implement the fingerprinting script. This small JavaScript code gathers detailed information about the client’s JS engine and sends a report to our API for further analysis.

This approach makes it possible to identify advanced bots that simulate human behavior, improving the accuracy of real-time detection.

👉 Tip: include this script on pages with high traffic or those vulnerable to attacks.

Combine rules for more granular protection

Not all sites have the same security requirements. For example, you may decide to block datacenter IPs but allow access from anonymous proxies if they do not represent a high risk.

👉 Practical tip: design rules that keep business-essential traffic flowing while mitigating threats.

Monitor and adjust regularly

The effectiveness of any mitigation solution relies on its adaptability. Take advantage of the reports and statistics provided by Bot Mitigation to identify traffic patterns and adjust configurations.
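
One way to dry-run a combined rule set against traffic recorded in detection mode before enforcing it, as an added example (not code from this page or from the product). The record layout, the /admin threshold of 30 and the function names are assumptions; the other thresholds are the ones used in the examples above.

```python
from collections import Counter

# Constructed detection-mode records: (path, risk, datacenter, proxy, abuse).
# The field layout is an assumption for this example, not the product's log format.
SAMPLE = [
    ("/posts/1", 72, False, False, True),
    ("/posts/2", 55, False, False, False),
    ("/posts/3", 25, False, False, True),
    ("/posts/4", 18, False, False, False),
    ("/posts/5", 5, False, True, False),
    ("/admin/login", 35, False, False, False),
    ("/home", 10, True, False, False),
    ("/home", 3, False, False, False),
]

def decide(rec, block_at=60, admin_block_at=30):
    """Return the action a candidate rule set would take for one request."""
    path, risk, datacenter, _proxy, abuse = rec
    # Stricter minimum risk score on the critical path (30 is an assumed value).
    threshold = admin_block_at if path.startswith("/admin") else block_at
    if risk >= threshold or datacenter:
        return "block"          # data center IPs are blocked whatever their score
    if abuse and risk > 20:
        return "block"
    if risk > 50:
        return "captcha"
    if risk > 15:
        return "jschallenge"
    return "allow"              # includes anonymous proxies that score low

def dry_run(records, **policy):
    """Count how many recorded requests each action would have hit."""
    return Counter(decide(r, **policy) for r in records)

def changed(records, old, new):
    """List (path, old action, new action) for requests a policy change affects."""
    diffs = []
    for r in records:
        before, after = decide(r, **old), decide(r, **new)
        if before != after:
            diffs.append((r[0], before, after))
    return diffs

if __name__ == "__main__":
    print(dict(dry_run(SAMPLE)))
    print(changed(SAMPLE, {}, {"block_at": 50}))
```

Reviewing the output of changed() before lowering a threshold shows exactly which recorded requests would move to a stronger action.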

Effective protection from the very beginning

Bot Mitigation not only protects against advanced and evasive bots out of the box, but also aligns with regulations like GDPR by not tracking or identifying users. It’s easy to install and doesn’t require any changes to your infrastructure, giving you full visibility into automated traffic through real-time forensic analysis.

Get started today with a few tweaks to your settings and protect yourself from the impact of even the most sophisticated bots without affecting the legitimate traffic that drives your business.