Bot Management

Task

Deploy Cloudflare Bot Management WAF Rule templates.

Why

Cloudflare Bot Management is Complete, not Complex. By using rule templates, you can quickly and easily deploy bot protection for your domains.

Steps

1. Deploy template rule for definite bots

In the Cloudflare Dashboard go to Security ‣ Bots ‣ Configure Bot Management.

[Screenshot: Bot Management Nav]

Under WAF rule templates click Use template next to Definite Bots.

[Screenshot: Bot Management Use Template]

This will bring you into the familiar Custom rules dialog with a ready made rule!

Leave the rest of the rule at its defaults, but, so as not to impact other exercises, scope it to a test path by making the following changes to the URI Path criteria and the action:

  • Set the Operator to equals
  • Set the Value to /hellobots
  • Set the Action to Block with default values

Your configuration should look something like this:

[Screenshot: Deploy Bot Rule]

Deploy the rule.

2. Test rule

Open your terminal and inspect the HTTP headers received from the /hellobots endpoint using the following command (replace cfdemolab-zone-xxx with your own zone):

curl

curl -I "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots"
< HTTP/2 403
< date: Thu, 26 Oct 2023 14:27:56 GMT
< content-type: text/html; charset=UTF-8
< content-length: 4512
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: max-age=15
< expires: Thu, 26 Oct 2023 14:28:11 GMT
< set-cookie: __cf_bm=G4vpNBHbkvCNn35LBmEbXittWY_pdlYvqjyZsmvR7JA-1698330476-0-ARnmgXWqd6hRToD2ILSFzmtqcD3f6ijd2aL89k3lDA1n6EotvchqHKC9Xx6TCM0R8/W3WzDke36YlNnBEjQc0yQ=; path=/; expires=Thu, 26-Oct-23 14:57:56 GMT; domain=.appsvc.xyz; HttpOnly; Secure; SameSite=None
< server: cloudflare
< cf-ray: 81c362047fbe45a0-LHR

PowerShell

Invoke-WebRequest -Uri "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots" -method HEAD
Invoke-WebRequest: Response status code does not indicate success: 403 (Forbidden).

Both curl and Invoke-WebRequest are recognised as automated tools (definite bots), so each request matches the rule and is blocked with a 403 response.

3. Analyze the Block

In the Cloudflare Dashboard go to Security ‣ Events and take a look at the requests which triggered the block. Can you see which rule triggered the block?

If you don't see the events immediately, or if you want to narrow the time window, switch the time range to 'Previous 30 minutes'.
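The checks in steps 2 and 3 can be scripted so the test is repeatable and the block can be located in Security ‣ Events by its Ray ID. The script below is an added example, not part of the Cloudflare lab: it parses a captured header block (a constructed sample mirroring the step 2 output, without the leading `<` markers that curl's verbose mode adds), confirms the response is a 403 served by Cloudflare, and extracts the `cf-ray` value. The `check_live` function runs the same checks against a real zone; the hostname in its usage comment is the lab's placeholder and needs replacing with your own.

```shell
#!/bin/sh
# Added example (not from the Cloudflare lab): verify that the /hellobots test
# request is blocked by the Definite Bots rule and pull out the cf-ray ID so the
# block can be found under Security > Events.

# Constructed sample: headers from a blocked request, as printed by `curl -sI`.
SAMPLE_BLOCKED='HTTP/2 403
date: Thu, 26 Oct 2023 14:27:56 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cf-ray: 81c362047fbe45a0-LHR'

# Constructed sample: a request that was NOT blocked (rule not matching).
SAMPLE_ALLOWED='HTTP/2 200
content-type: text/html; charset=UTF-8
server: cloudflare
cf-ray: 81c362047fbe45a1-LHR'

# Normalise a header block: one header per line, CR (from curl -I) removed.
norm() {
  printf '%s\n' "$1" | tr -d '\r'
}

# Print the HTTP status code: second field of the status line.
status_code() {
  norm "$1" | head -n 1 | awk '{print $2}'
}

# Print the value of a header, matched case-insensitively by name.
header_value() {
  norm "$2" | awk -v name="$1" -F': ' 'tolower($1) == tolower(name) {print $2; exit}'
}

# Print the cf-ray value, the Ray ID shown in Security > Events.
cf_ray() {
  header_value "cf-ray" "$1"
}

# Succeed (exit 0) only when the response is a 403 served by Cloudflare,
# which is what the Block action produces for a matching request.
is_cloudflare_block() {
  [ "$(status_code "$1")" = "403" ] &&
  [ "$(header_value server "$1" | tr 'A-Z' 'a-z')" = "cloudflare" ]
}

# Live check against your zone (network access required). Replace the host
# with your own zone, e.g.:
#   check_live "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots"
check_live() {
  url="$1"
  headers=$(curl -sI "$url")
  if is_cloudflare_block "$headers"; then
    echo "blocked as expected; look up Ray ID $(cf_ray "$headers") in Security > Events"
  else
    echo "NOT blocked: status $(status_code "$headers") from $url"
    return 1
  fi
}
```

Because curl sends no browser fingerprint, a 403 here is the expected outcome; the Ray ID it returns is the quickest way to jump from the terminal to the matching event in the dashboard.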

Summary

In this section we’ve configured Bot Management.

Next, we will perform some CDN tuning & cache configuration.