Last update:2024-10-28 17:27:44
Example: The ticketing website www.ticket.com is selling concert tickets today via the interface /api/BuyTicket on Monday 10:00 - 11:00 (GMT+8). To prevent improper ticket hoarding, it is necessary to limit the frequency of accessing this interface to not exceed 100 times in 10 seconds. If this threshold is exceeded, requests access to this interface from that client IP should be blocked for 10 minutes. The configuration steps are as follows:
Configure Match Conditions: select Object as “Path”, Operatoer as “equals”, and type the content “/api/BuyTicket”
Configure Counts: select Client Identifier as “Client IP”, Thigger Condition as “Within 10 seconds, the 100th request starts the action.”, Action as “Deny”, and set the Action Expiration Time “600 seconds”, finally set the Effective Time Period as “Monday, 10:00 - 11:00, GMT+8”.
Click Confirm to create this rule.
The configuration is shown below:
Before publishing to production, it is recommended to pre-publish a test through the “Publish Changes - Publish to Staging” button at the bottom of the page to validate the compatibility of the Web Bot Detection’s JS SDK with your website.
After confirming the configuration is correct, click the Publish Changes button at the bottom of the page, and click on Publish to Production button at the bottom of the page to make the configuration effective.
For Behaviors that do not comply with the normal business access logic, such as automated tools bypassing page visits and directly launching continuous attacks on a certain interface. it is recommended to configure Workflow Detection strategy on top of Scenario 2 to strengthen the protection. For configuration examples, please refer to Workflow Detection Details.