Bot Detection
ProIdentify and block malicious automated traffic, scrapers, credential stuffing tools, and vulnerability scanners using behavioral heuristics.
How Bot Detection Works
EdgeWrap analyzes incoming connection characteristics including User-Agent structure, TLS fingerprints, request frequency, and IP reputation. Based on this metadata, each request is assigned a Bot Score from 0 (highly likely human) to 100 (highly likely bot).
Dashboard Setup & Configuration
Configure Bot Detection settings in the EdgeWrap Dashboard:
- Navigate to your project in the dashboard at
https://app.edgewrap.pro. - Go to the Security page and select the Bot Detection tab.
- Toggle the Bot Detection switch to Enabled.
- Set the Block Threshold: requests scoring above this value are immediately blocked.
- Set the Challenge Threshold: requests scoring above this are served a JavaScript challenge.
- View real-time bot statistics and event logs in the panels below.
API Configuration
Alternatively, you can manage the Bot Detection thresholds programmatically:
| Param | Type | Description |
|---|---|---|
| enabled | boolean | Turn bot detection engine on or off for the project. |
| blockThreshold | number | Bot score threshold (0-100) above which requests are immediately rejected.(default: 75) |
| challengeThreshold | number | Bot score threshold above which clients are served a JS challenge before accessing the origin.(default: 50) |
| blockMode | string | Default action for blocked bots ('block' for hard 403 or 'challenge' for proof-of-work JS validation).(default: challenge) |
Configure bot detection
curl -X PATCH https://server.edgewrap.pro/v1/projects/prj_01jxyz/bot-detection/config \
-H "Authorization: Bearer <your_session_token>" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"blockThreshold": 80,
"challengeThreshold": 55,
"blockMode": "block"
}'Bot Events Log
Retrieve bot events logged by the gateway to analyze scraping patterns or investigate false positives.
List recent blocked/challenged bot events
curl https://server.edgewrap.pro/v1/projects/prj_01jxyz/bot-detection/events \
-H "Authorization: Bearer <your_session_token>"Tip: Legitimate bots (like Googlebot, Bingbot, and Slack crawler) are verified automatically via reverse DNS checks and bypass bot detection restrictions.