Once you have configured the bot deception policy, the biometrics based detection rule, threshold based detection rule, and known bots rules, you can integrate them in a bot mitigation policy, and apply the policy in the web protection profile for bot mitigation. Two predefined mitigation policies are available here.
To configure a bot mitigation policy
- Go to Bot Mitigation > Bot Mitigation Policy.
- Click Create New.
- Configure these settings:
Type a unique name for the policy that can be referenced in other parts of the configuration.
Select a bot deception policy from the drop down list.
Biometrics Based Detection
Select a biometrics based detection rule from the drop down list.
Threshold Based Detection
Select a threshold based detection rule from the drop down list.
Select a predefined or newly created known bots rule from the drop down list.
Select the exception policy which specifies the elements to be exempted from the attack scan.
- Click OK.
To select a bot mitigation policy in a web protection profile
- Go to Policy > Web Protection Profile.
- Select the Inline Protection Profile tab.
- Select an existing web protection profile to which you want to include the bot mitigation policy.
- Click Edit.
- For Bot Mitigation > Bot Mitigation Policy, select the bot mitigation policy from the drop down list.
Note: To view details about a selected bot mitigation policy, click the view icon next to the drop down list.
- Click OK.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Web Protection Configuration category. For details, see Permissions.