Bot Manager provides you the flexibility to configure mitigation policies for bots attacking a certain URL path in your application. The URL Management functionality within Bot Manager Portal allows you to do so.

You can define these policies against:

  1. Exact URL Paths, or
  2. Regular Expressions that match multiple URLs

To more about regular expressions, click here


Defining a policy for an Exact URL Path

  1. Navigate to the Bot Management page of the Radware Bot Manger Portal.
  2. Under URL Management tab select Exact Match URLs tab
  3. Click on the Add New button
  4. In the pop-up, paste the exact URL path against which you wish to take action. Select the mitigation Action that you wish to take against bots that land on the URL. Submit your selection. 


Defining a policy for Regular Expressions

You can use a regex pattern to identify multiple URL paths and define a single mitigation action to be taken against them. For eg: 

There are 3 URLs Paths:

  • /shoes/
  • /shoes/nike/?size=9
  • /watches/

If you wish to define a mitigation policy of CAPTCHA against all path under shoes, you can define the regex pattern /shoes/.* and set Action to CAPTCHA Challenge.


Steps to configure a policy

  1. Navigate to the Bot Management page of the Radware Bot Manger Portal.
  2. Under URL Management tab select Regex URL Patterns tab
  3. Click on the Add New button
  4. Fill out the fields in the pop-up and Submit your selection


Rules for adding a Mitigation Policy (IMPORTANT)


URL Regex Pattern
  • This is the field where you define the regex pattern
  • Protocol (i.e., http / https) and Domain (for eg,. www.example.com) should NOT BE ADDED to the regex pattern.
  • DO NOT ADD .* (DOT ASTERISK) alone to the URL Regex Pattern Field as it essentially means that you want to take action against all URL Paths in your application. It can however be used with a combination of other inputs in the regex pattern. For eg. .*/signin/.* will be considered a valid.
  • Bot Manager DOES NOT SUPPORT escape character(\) preceding a forward-slash(/) in any regex pattern. For eg:

    Regex for URL path /signin/*, should be configured as /signin/.*. Configuring regex as \/signin\/.* will not be supported.

  • Bot Manager follows the Java Regular Expression standards of configuring regex. Therefore, while configuring a pattern, ensure the same standard of regex configuration is followed.
Priority
  • Each regex pattern configured has a priority associated with it. The priority Range starts from 1 to 65,000 (1 being the highest priority)
  • If you define 2 mitigation policies that lead to the regex pattern matching with the same URL path, the one defined with greater priority will take precedence over the other and execute. The lower priority policy will not execute in this case.
  • HIGHLY RECOMMENDED: Ensure that there is a numerical gap of at least 20 values between each policy defined. This will help you add additional policies between the already existing ones.
General
  • If you wish to define mitigation policy against an Exact Match URL Path, DO NOT USE URL Regex Patterns Tab. Use the Exact Match URLs tab for it.
  • Policies defined under Exact Match URLs will have greater mitigation priority over any policy defined under Regex URL Patterns.
  • We do not recommend definition of more than 400 regex patterns.
  • You can use an interactive regular expression console (like Regex101) to verify if the pattern configured matches with the set of URLs against which you wish to take action.
  • Each domain name has an associated IP to which requests are made. Defining a regex pattern with the associated IP address instead of the domain itself will not lead to action being taken against bots for a URL path of that domain.



NOTE: