Bot Management
Task
Deploy Cloudflare Bot Management WAF Rule templates.
Why
Cloudflare Bot Management is Complete, not Complex. By using rule templates, you can quickly and easily deploy bot protection for your domains.
Steps
1. Deploy template rule for definite bots
In the Cloudflare Dashboard go to Security ‣ Bots ‣ Configure Bot Management.
Under WAF rule templates click Use template next to Definite Bots.
This will bring you into the familiar Custom rules dialog with a ready made rule!
Leave the rest of the rule at its defaults; however, so as not to impact other exercises, make the following changes to the URI Path criteria and the action:
- Set the Operator to equals
- Set the Value to /hellobots
- Set the Action to Block with default values
Your configuration should look something like this:
Deploy the rule.
2. Test rule
Open your terminal and inspect the HTTP headers received from the /hellobots endpoint using the following command (replace cfdemolab-zone-xxx with your own zone):
curl:
$ curl -svo /dev/null "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots"
< HTTP/2 403
< date: Thu, 26 Oct 2023 14:27:56 GMT
< content-type: text/html; charset=UTF-8
< content-length: 4512
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: max-age=15
< expires: Thu, 26 Oct 2023 14:28:11 GMT
< set-cookie: __cf_bm=G4vpNBHbkvCNn35LBmEbXittWY_pdlYvqjyZsmvR7JA-1698330476-0-ARnmgXWqd6hRToD2ILSFzmtqcD3f6ijd2aL89k3lDA1n6EotvchqHKC9Xx6TCM0R8/W3WzDke36YlNnBEjQc0yQ=; path=/; expires=Thu, 26-Oct-23 14:57:56 GMT; domain=.appsvc.xyz; HttpOnly; Secure; SameSite=None
< server: cloudflare
< cf-ray: 81c362047fbe45a0-LHR
PowerShell:
PS> Invoke-WebRequest -Uri "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots" -method HEAD
Invoke-WebRequest: Response status code does not indicate success: 403 (Forbidden).
Both the curl and the PowerShell commands are recognized as a bot/automated tool, so your request has triggered the rule and been blocked.
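To make the manual check above repeatable, here is a small POSIX shell helper that reads the response headers (either raw, as printed by curl -D -, or in the "< "-prefixed form of curl -v) and decides whether the Definite Bots block fired: a 403 served by Cloudflare, identified by the server and cf-ray headers. This is an added example, not part of the lab page or Cloudflare's own tooling; the probe_hellobots function, the sample header blocks and the cf-ray value in them are constructed for illustration.

```shell
#!/bin/sh
# check_block: read HTTP response headers on stdin and report whether the
# request was blocked by a Cloudflare WAF rule. Accepts raw headers
# (curl -D -) or curl -v style lines prefixed with "< ". Returns 0 when the
# response is a Cloudflare-served 403, 1 otherwise.
check_block() {
  # normalise: drop the "< " prefix and trailing CR so both formats parse alike
  headers=$(sed -e 's/^< //' -e 's/\r$//')
  status=$(printf '%s\n' "$headers" | awk 'toupper($1) ~ /^HTTP\// {print $2; exit}')
  server=$(printf '%s\n' "$headers" | awk -F': *' 'tolower($1)=="server" {print tolower($2); exit}')
  ray=$(printf '%s\n' "$headers" | awk -F': *' 'tolower($1)=="cf-ray" {print $2; exit}')

  if [ "$status" = "403" ] && [ "$server" = "cloudflare" ] && [ -n "$ray" ]; then
    echo "blocked by Cloudflare rule (cf-ray $ray)"
    return 0
  fi
  echo "not blocked: status=${status:-none} server=${server:-none}"
  return 1
}

# probe_hellobots (assumed helper, not from the lab): fetch only the headers of
# the given URL and pipe them into check_block. Needs network access.
probe_hellobots() {
  curl -sS -o /dev/null -D - "$1" | check_block
}

# Constructed sample of a blocked response, modelled on the lab output above
# (cf-ray value is a placeholder, not a real request id).
sample_blocked_headers() {
  cat <<'EOF'
< HTTP/2 403
< date: Thu, 26 Oct 2023 14:27:56 GMT
< content-type: text/html; charset=UTF-8
< server: cloudflare
< cf-ray: 0000000000000000-LHR
EOF
}

# Constructed sample of a response that reached the origin (rule did not fire).
sample_allowed_headers() {
  cat <<'EOF'
HTTP/2 200
content-type: text/html; charset=UTF-8
server: cloudflare
cf-ray: 0000000000000000-LHR
EOF
}

# Usage against a live zone (replace cfdemolab-zone-xxx with your own zone):
#   probe_hellobots "https://cfdemolab-zone-xxx.cfdemolab.xyz/hellobots"
```

The helper deliberately requires both the 403 status and the Cloudflare-specific headers: a 403 without a cf-ray header most likely came from the origin or another proxy rather than from the WAF rule, which is exactly the distinction the Security ‣ Events view will confirm in the next step.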
3. Analyze the Block
In the Cloudflare Dashboard go to Security ‣ Events and take a look at the requests which triggered the block. Can you see which rule triggered the block?
We will talk more about Analytics & Events during the co-operative lab later.
Summary
In this section we’ve configured Bot Management.
Next, we will perform some CDN tuning & cache configuration.