Bot management is a feature that enables you to effectively manage unwanted/malicious bot access to your domain.
You can find this security feature by navigating to ‘ Origin Shield’ > 'Bot management', and then look for the 'Bot management' box.
Toggle the switch to turn on/off this security feature. You can also change settings based on your security requirement.
There are 3 settings that you can control:
- Security level
- Challenge passage
- Challenge mode
Security level
This gives you the ability to set the sensitivity of the security to trigger the challenge.
The system will track the request per minute and then challenge the request after it exceeds the 'request threshold'. The challenged request is required to include a unique token to pass the security check. The challenge will be triggered again if the request with the same token exceeds the 'Token request threshold'.
Here are the definitions for the available options:
| Security level | Request threshold | Token request threshold |
| Under attack | 0 | 0 |
| High | 0 | 10 |
| Medium | 1000 | 60 |
| Low | 2000 | 60 |
| Essentially off | 3000 | 60 |
Challenge passage
Set the timer for the next challenge if the same user/client requests again. For example, if the challenge passage is set to 5 minutes, the checking of security thresholds will be triggered again 5 minutes after the same user completed the last challenge.
Challenge mode
You can select the challenge mode based on the situation you're dealing with.
- Browser-based (no delay): will initiate a JS challenge, which will trace whether the request was sent by a bot or not, before performing the request.
- Browser-based (standard): will initiate a JS challenge, which will redirect the request to a timer page set for 5 seconds, before performing the request.
- Human-based: will initiate a CAPTCHA challenge, which redirects the request to a test page where users have to take the “I am not a robot” test, before performing the request.