AWS wants to help with your website’s nasty bot problem
New AWS tool simplifies bot traffic management.
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
AmazonWeb Services (AWS) has launched a new tool designed to eliminate unwanted bot traffic coming into web applications. Called the AWS WAF Bot Control, the tool allows IT managers to identify and take action against common bot traffic.
Announcing the new offering in ablog post, AWS Principal Developer Advocate Sébastien Stormacq said the tool will be integrated into AWS Web Application Firewall, and centrally managed using AWS Firewall Manager, for large enterprise use cases.
Available today in all AWS Regions where AWS WAF is supported, Bot Control will set you back $10/month, prorated by the hour, for each time Bot Control is added to the webaccess controllist (ACL).
There’s also an additional cost of $1 per million requests processed by Bot Control. However, it can filter traffic for CloudFront distributions, Application Load Balancer, API Gateway and AppSync.
Customizing the solution
Further describing the features of the new offering, Stormacq explained how Bot Control analyzes request metadata, such as TLS handshakes, HTTP attributes, or IP addresses. This allows it to identify the source and purpose of a bot (given that not all bots are malicious) and place it into one of a few different categories: scraper,SEO, crawler or site monitor.
The default action for unwanted bot traffic is, obviously, to block it. However, Bot Control allows users to customize the configuration. For example, admins can return a response tailored for different bot types, or flag the request by inserting a new header.
AWSalso added two new functionalities to AWS WAF Managed Rule Groups, which the Bot Control will also use: labeling and scope down statements. With labeling, users can evaluate multiple statements using the Count action, and then act based on the labels. Scope down statements, on the other hand, allow the user to define under which conditions the managed rule group will execute.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
They can be used, for example, to reduce costs on paid managed rule groups, avoiding false positives, or to avoid latency impact for various paths.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
