Set Bot Management Policies

Operation Steps

1. Log in to the Wangsu Console, locate the security product currently in use under the enabled products, and click to enter.
2. Go to the Protection Configuration > Security Policy page.
3. Find the Domain where you want to configure the security policy, click to enter the Security Policy editing page.
4. Select the Bot Management tab. If Bot Management is disabled, please enable it first.
5. Select the appropriate Bot Management Policy and set the Action to Skip/Log/Deny, etc.

Application Scenarios

Scenario 1: Prevent AI Large Model Crawlers and Protect Website Intellectual Property

• If monitoring detects a large volume of AI Bots traffic on your website, to prevent copyright infringement or sensitive data leaks caused by AI Bots, set the security policy action to “Block” to stop these requests. Learn more.
• If you need to allow certain specific AI crawler tools, you can manage them individually through Custom Bots. Learn more.

Scenario 2: Mitigate Website Access Pressure from Automated Programs

• Configure General Policy:

  • In Definite Bots policies, you can block common malicious automated tools with one click, including development frameworks, HTTP libraries, vulnerability scanners, crawler tools, proxy tools, and fake spiders. Learn more.

  • In Public Bots policies, allow crawlers beneficial to your business, such as search engines or market analytics; if there is no such need, set the action for that type to Block. Learn more.

  • Allow website-specific monitoring tools (if any): Create rules in Custom Bots based on the characteristics of your monitoring tools, and set the action to Allow. Learn more.

• Enable Web Risk Detection:

  • Confirm whether your website provides services other than Web/H5 pages. If so, add the relevant business characteristics to the Application Request Allowlist to avoid affecting access to such services when the Web Risk Detection policy is enabled.
  • Enable a JavaScript-based web enhancement protection solution. Set the action for Web Risk Detection to Block. Learn more.

Note: Before official deployment, it is recommended to first use the ‘Deployment - Pre-deployment’ button at the bottom of the page to perform a pre-deployment test and verify in advance the compatibility of the Web Risk Detection JS SDK with your website.

• After confirming the configuration is correct, click the Deploy button at the bottom of the page. On the confirmation page, click Deploy Directly to apply the configuration.

Scenario 3: Block behaviors that do not comply with normal business access logic

For behaviors that do not conform to normal business access patterns, such as automated tools bypassing page visits and continuously attacking a specific API, it is recommended to configure Business Flow Detection policies on top of Scenario 1 to enhance protection. For configuration details, refer to: Business Flow Detection Details.