Bot Detection

Pro

Identify and block malicious automated traffic, scrapers, credential stuffing tools, and vulnerability scanners using behavioral heuristics.

How Bot Detection Works

EdgeWrap analyzes incoming connection characteristics including User-Agent structure, TLS fingerprints, request frequency, and IP reputation. Based on this metadata, each request is assigned a Bot Score from 0 (highly likely human) to 100 (highly likely bot).

Dashboard Setup & Configuration

Configure Bot Detection settings in the EdgeWrap Dashboard:

  1. Navigate to your project in the dashboard at https://app.edgewrap.pro.
  2. Go to the Security page and select the Bot Detection tab.
  3. Toggle the Bot Detection switch to Enabled.
  4. Set the Block Threshold: requests scoring above this value are immediately blocked.
  5. Set the Challenge Threshold: requests scoring above this are served a JavaScript challenge.
  6. View real-time bot statistics and event logs in the panels below.

API Configuration

Alternatively, you can manage the Bot Detection thresholds programmatically:

ParamTypeDescription
enabledbooleanTurn bot detection engine on or off for the project.
blockThresholdnumberBot score threshold (0-100) above which requests are immediately rejected.(default: 75)
challengeThresholdnumberBot score threshold above which clients are served a JS challenge before accessing the origin.(default: 50)
blockModestringDefault action for blocked bots ('block' for hard 403 or 'challenge' for proof-of-work JS validation).(default: challenge)
Configure bot detection
curl -X PATCH https://server.edgewrap.pro/v1/projects/prj_01jxyz/bot-detection/config \
  -H "Authorization: Bearer <your_session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "blockThreshold": 80,
    "challengeThreshold": 55,
    "blockMode": "block"
  }'

Bot Events Log

Retrieve bot events logged by the gateway to analyze scraping patterns or investigate false positives.

List recent blocked/challenged bot events
curl https://server.edgewrap.pro/v1/projects/prj_01jxyz/bot-detection/events \
  -H "Authorization: Bearer <your_session_token>"
Tip: Legitimate bots (like Googlebot, Bingbot, and Slack crawler) are verified automatically via reverse DNS checks and bypass bot detection restrictions.