Skip to main content

Bot Mitigation

IO River's bot mitigation feature provides intelligent protection against automated bot traffic, ensuring that only legitimate human users can access your content and APIs. This security mechanism is configured once, and is integrated seamlessly into your CDN providers.

Overview

Bot mitigation is available in two contexts:

  • Custom Rules: Apply bot detection to specific traffic patterns or endpoints
  • Rate Limiting Rules: Combine bot validation with rate limiting for enhanced protection

When a request matches the configured rule parameters, the CDN automatically validates that the client is not a bot before allowing access to the requested page or API. This challenge-response mechanism happens transparently at the edge, protecting both your origin servers and intellectual property from bot traffic, while minimizing impact on legitimate users.

How It Works

When BOT mitigation is enabled for a rule:

  • The CDN evaluates incoming requests against your configured rule parameters
  • Requests matching the criteria trigger a bot validation challenge
  • Typically, this validation takes a short time and does not require client interaction
  • The client must successfully complete the validation to prove it's a legitimate browser
  • Once validated, the request is allowed to proceed
  • Failed validation attempts are blocked at the edge

This approach provides robust protection against various types of automated threats, including scrapers, credential stuffing attacks, and DDoS attempts, while maintaining a smooth experience for real users.

Configuring BOT Mitigation

Create a custom rule or a rate limiting rule:

  • Define the parameters when the rule triggers
  • Select Challenge as the action